Security Compliance

Orange People Menlo Park , CA 94025

Posted 2 weeks ago

Client is seeking an experienced InfoSec Compliance Analyst to join the Information Security team. This position will be responsible for understanding and supporting the design of client's organizational, procedural, and technological security controls within the context of the global regulatory frameworks applicable and its suite of affiliated businesses. The position will help implement, automate, document, and maintain controls while supporting and responding to inquiries from internal and external stakeholders and regulators. An ideal InfoSec Compliance Analyst is someone that has a solid understanding of the broad aspects of information security and can apply that knowledge to solve problems. This role requires a broad mix of business and technical acumen coupled with polished communication and a strong desire to learn.


  • Perform assessments of security controls and processes to identify gaps and support the implementation of appropriate mitigations.
  • Understand technical implementation details necessary to assess security risks and design practical security controls.
  • Assist with aligning and codifying controls to show how they are mitigating information security risk.
  • Participate in the development and oversight of required corrective action plans relating to security compliance issues.
  • Support the identification, implementation, and maintenance of automated technical security controls required by various technical regulatory compliance frameworks.
  • Help demonstrate Facebook’s commitment to security within the company and to external parties.
  • Identify, research, and evaluate new compliance requirements and present them to the team and business.
  • Partner with team members and cross-functional groups to create successful security programs that align with compliance requirements.
  • Understand the security needs of internal and external stakeholders, regulators, and auditors. Support business relationships with the internal and external security auditors and regulators.
  • Assist with responding to external requests inquiring about Facebook's Information Security program including activities like audit management, evidence gathering, scoping, control walkthroughs, etc.
  • Assist with daily technical security activities and functions such as assessing vendor security risks, provisioning and reviewing access, creating and maintaining security reports/dashboards, etc.
  • Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations and controls.


  • 3+ years of experience leading and delivering information security assessments.
  • Knowledge of information security concepts and experience applying them at scale.
  • Hands on with US Laws.
  • Experience performing information security risk assessments and control gap assessments.
  • Experience with communication and independently leading projects to completion.
  • Experience working with fragmented data to create metrics and insights.
  • Experience working with Security Controls across 1 or more domains: Access Management, Encryption, Network Security, Data Security, Configuration Management, Vulnerability Management, Physical Security etc.
  • Experience working with leadership and engineers.
  • Experience working independently and collaboratively across various levels and teams.


  • Bachelors in computer science, computer engineering, or business technology
  • Security consulting experience or related professional services/consulting background
  • Experience with, and strong understanding of, most of the following security compliance frameworks, controls, and best practices: AICPA Trust Principals (SSAE 16 - SOC 2 and 3), ISO 27001/27018, OWASP Top 10, PCI DSS, CIS, NIST CSF, NIST 800-53, NIST 800-30, GDPR, regulations governing personally identifiable information (PII), and other applicable regulatory compliance frameworks
  • Familiarity with scripting languages, SQL, PHP, python, and web development
  • Certifications in one or more of the following areas: CISSP, CISA, CISM, GISO, GCIH, CIPP
  • Strong desire to learn and continuously develop and deepen technical skills
icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Security Policy Risk And Compliance Manager


Posted Yesterday

VIEW JOBS 11/18/2019 12:00:00 AM 2020-02-16T00:00 The Security Policy, Risk and Compliance Manager will be someone that has a passion for leading a team which evaluates Information Security risk to inform pragmatic policy, standards, and guidelines. This person will also be responsible for helping to design and iterate on security controls to address these risks in a way that helps empower and maintain Facebook's culture of rapid innovation. In this role, you will stay informed about the dynamic regulatory landscape, industry trends and internal operations, and will communicate and drive delivery of innovative solutions for compliance at scale. This position requires a mix of broad business and technical acumen with strong people-management skills, the ability to inspire and influence decisions around security risk management, and a polished ability to communicate with key executives, external regulators, and the public. RESPONSIBILITIES * Lead, build, retain, and develop a team of Information Security professionals that are passionate about identifying, assessing, and mitigating security risk while empowering Facebook's rapid innovation and growth. Support the team to develop and communicate policies, procedures, guidelines, and plans to internal stakeholders regarding security and risk management. Create robust, scalable programs to deliver policy and compliance objectives in product areas and general technical infrastructure. Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks. Find practical solutions to standardize and scale across Facebook. Provide robust assurance of the operational effectiveness of our compliance controls. Define metrics to track program progress and maturity for various stakeholders. Improve controls for internal systems, processes, and policies. Collaborate with internal teams and external auditors throughout compliance assessments. Understand technical implementation details necessary to assess general and situational Information Security risk. Responsible for the development and oversight of required mitigation plans relating to information security risk and policy exceptions. MINIMUM QUALIFICATIONS * B.S. in computer science or equivalent experience. 8+ years of experience in global security policy and risk management. 3+ years of people management experience. Experience in Information Security policy development and risk management at tech companies. Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc. Demonstrated leadership experience working and communicating at executive levels. Experience developing and producing security metrics and reports that are meaningful and actionable across various audiences. Conceptual, critical thinking, and sound judgment with strategic orientation and experience performing tactically. Experience providing technical knowledge appropriate to delivery of security protections. Experience in technical concepts similar to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy. PREFERRED QUALIFICATIONS * Ability to influence across all levels of the organization. Excellent project management skills. Eagerness to learn new things and discover emerging and new data trends. Great attention to detail with excellent leadership and problem-solving skills. Facebook is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at Facebook Menlo Park CA

Security Compliance

Orange People