Lead Governance Risk & Compliance Analyst

BigCommerce, Austin, TX 78719

Posted 2 months ago

BigCommerce is disrupting the e-commerce industry as the SaaS leader for fast-growing, mid-market businesses. We enable our customers to build intuitive and engaging stores to support every stage of their growth.

BigCommerce, named a 2020 "Best Place to Work" in Austin, is looking for a Lead Governance Risk & Compliance Analyst.

Do you love challenges? Are you passionate about security and love implementing regulatory standards? Do you want to be at the edge of learning new technologies, cloud frameworks and integrations? Do you feel like contributing to a common goal and being part of a group of people who work together with respect, mutual support and clear strategic goals? The BigCommerce Governance Risk & Compliance Team is calling. The number one thing our customers care about is Information Security. The person who accepts this challenge will be able to make a large impact on the maturity of our Information Security Management System. In this role, you'll be helping guide the work to make BigCommerce a shining example of security best practices.

The work involves supporting our compliance programs and working with our teams to implement risk improvement processes and projects. BigCommerce is committed to being a leader in Information Security in the e-commerce space. Your skills and your passion for protecting data and ensuring compliance will be a large factor in BigCommerce's future success.

What you'll do

  • Function as a GRC lead within our Cybersecurity Team, leading by example, being diplomatic yet firm, fair, flexible and consistent in deploying industry-standard information security best practices and applicable laws, regulations, and policies.

  • Assist in evaluating the design and operating effectiveness of the BC Integrated Secure Controls Framework (BC SCF), built from industry standards such as NIST, ISO 27001 and PCI DSS, around technology controls including, but not limited to, Software Development Lifecycle (SDLC), logical security, data interfaces, availability/redundancy, and cyber/information security

  • Preparing supporting evidence and documenting test plans which clearly describe the audit procedures performed, results of testing and conclusions reached for various processes.

  • Facilitating independent auditors

  • Conduct third party risk assessments

  • Designing technology diagrams detailing the systems and their dependencies during the audit process

  • Assisting with the Department's data collection and analytics efforts and Internal Audit report preparation

  • Assisting in the development and tracking of control recommendations for corrective action/improvement

  • Work with internal business units, including engineering stakeholders, to identify and continuously improve departmental practices

  • Operationalizing security controls from the BC SCF into day-to-day operations of our engineering teams and having fun while doing it

  • Monitor and demonstrate compliance with organizational policies and practices, as evidenced by strong quality assurance results, and strong performance within standards and related metrics.

  • Stay abreast of current issues and obtain continuing education and training.

  • Interact with internal organizations to provide effective risk and control advice, maintaining active communication to enhance risk and control awareness and manage expectations

  • Provide data analysis support for ongoing compliance monitoring

  • Maintain up-to-date knowledge about audit controls and techniques

  • Utilize innovative ideas and tools to enhance operational effectiveness

  • Evaluate and recommend improvements to business practices, processes, and controls

Who You Are

  • Bachelor's degree in CS, EE or MIS; or equivalent experience

  • 7 years of relevant experience in a technology environment

  • Experience with translating business requirements into project implementation plans and validation, including user acceptance testing

  • Knowledge of engineering principles and common frameworks

  • Knowledge of network-based services, client/server applications, cloud-based and virtualized environments, mobile applications, enterprise systems and infrastructure, network architecture, and security infrastructure

  • Passion for process improvement and removing friction from systems

  • Direct experience with audit and compliance frameworks, e.g., ISO 27001, 2007:2017, PCI, etc.

  • Background in IT concepts and processes used within the business, covering:

      • Core security concepts

      • Cloud-based services

      • Windows and Linux operating systems

      • Open-source ecosystem (databases, applications, etc.)

  • Experience with auditing and evidence collection process.

  • Experience with the design and testing of IT security controls in a managed hosting and/or Software-as-a-Service environment

  • Experience in building relationships across business functions, locations, and technical stakeholders

  • Self-direction, attention to detail with a passion to solve practical problems while dealing with several variables

  • Ability to present ideas/solutions and communicate clearly, concisely, and accurately with others at all levels of the organization

  • Experience in reading the culture of a company, adjusting your style and adapting as needed

  • Collaborative, upbeat work ethic where you take ownership and have fun

  • Able to meet deliverables and drive your work to completion within specified timelines

  • Great verbal and written communication skills

Diversity & Inclusion at BigCommerce

We have the opportunity to build not only a great business, but a great company, with soul. Our beliefs and commitment to diversity and inclusion are a central part of achieving that.

Our dedication to diversity and inclusion is grounded in two things: a moral belief in the dignity, value, and potential of every individual, and a practical belief that diverse, inclusive teams will create the best outcomes for our customers, partners, employees, and company. We welcome everyone to be a part of our journey.

Current BigCommerce Employees: Please use the internal job board to apply for openings
