The Compliance and Assurance team's mission is to strengthen Okta's position as the leading Identity-as-a-Service solution through a security-first approach to compliance. We are looking for someone with a strong IT background and experience in the technical implementation of SOC2 and ISO27001 Controls who wants to expand and grow into the Security and Data Privacy realms, and take a lead role in providing customers with confidence in Okta's leadership in the identity space. As our Senior Analyst, you will support compliance initiatives by engaging various process owners in the design, documentation, implementation, and monitoring of the appropriate IT controls in our computing environments, and demonstrating those controls to external auditors. You will play a key role in ensuring that Okta meets the requirements from a variety of regulation and compliance standards, such as SOC2, ISO 27001, FedRAMP, EU Directive, and SOX.
The ideal candidate will have hands-on experience with the technical implementation of SOX and ISO controls in a cloud-based environment using tools such as Salesforce, Okta, ServiceNow GRC, JIRA and others. This position requires a unique set of skills including project management, the ability to communicate with both internal and external auditors, and an eye towards future standards and regulations that will impact our customers. If you're a self-starter who wants to make a difference in global cloud security, we want you on board.
Job Duties and Responsibilities:
* Execute audits of the company's IT computing environment, with focus on security controls
* Perform IT controls testing and develop recommendations based on confirmed observations
* Work with process and control owners to help them understand the audit results, identify remediation options and prioritize their closure
* Work with the Security Team in identifying security gaps as reported by internal and external customers
* Assist management in the development of the appropriate security documentation, including system security plans, information security policies and risk assessment procedures
* Assist management in assessing security impact on changes to the systems and applications
* Perform other IT security and compliance related tasks as assigned by management
Minimum REQUIRED Knowledge, Skills, and Abilities:
* Bachelor's degree in Computer Science or Management Information Systems
* In-depth knowledge of IT security frameworks and best practices, such as NIST-800 publications, COBIT, CCM, and Trust Principles and Criteria
* Experience in IT regulation and compliance standards such as SOC 1 and 2, ISO27001, and FedRAMP
* Working knowledge of terms and concepts used in information security, privacy, risk assessments and contingency planning
* Understanding of IT methodologies, such as software development lifecycle and operations
* Strong analytical and problem-solving skills and the ability to "think outside the box"
* Excellent oral, written and presentation communication skills
* Able to work independently or with a team
Helpful Certifications / Skills:
* Certified Information Systems Auditor (CISA)
* GIAC Security Essentials (GSEC)
* Certified Information Systems Security Professional (CISSP)
* Certificate of Cloud Security Knowledge (CCSK)
* Familiarity with JIRA and ServiceNow GRC
Okta is an Equal Opportunity Employer
Okta operates an integrated system that connects persons via devices.