Senior Security Automation Engineer, Compliance

We are a Security company and Okta’s Customer Identity Cloud Product Unit (CICPU)  Security & Compliance team is in the privileged position of supporting a security-first culture for a company that wants to make the internet safer.

We are seeking a Security Compliance Analyst who can help execute a wide range of assessments and audits across the entire organization. This role will work closely with Security and Compliance leadership to strategize and scope assessments, identify key risk areas, and establish baseline control alignment for continued organizational growth and maturity. 

Responsibilities

• Design, implement, and oversee the execution of the IT controls program including periodic control testing (e.g., design and effectiveness) sufficient to meet compliance requirements and to satisfaction of internal/external auditors.
• Provide ongoing training, guidance, support, and IT control and compliance status reporting to the company to build awareness of and promote a progressive and sustainable compliance culture.
• Build and maintain effective working relationships and liaise with Product unit control owners to collect, report, and retain compliance documentation.
• Identify control gaps and potential remediation steps; lead and/or assist process re-design and coordination of remediation efforts.
• Collaborate with and advise Product unit resources on implementing IT controls that achieve risk and control objectives while striking a balance between costs vs. benefits.
• Document and maintain risk-based compliance policies and procedures; Develop and maintain IT controls-related content for Information Security & Compliance.
• Assist in effective management of internal and external audit efforts and partnerships; Drive for timely submission of critical audit and compliance deliverables.
• Perform QA reviews of IT controls-related work products (e.g., user attestation packages) and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners.
• Assist with IT-related aspects of vendor risk management program functions (e.g., risk assessments, due diligence documentation reviews, control testing, and contract reviews).
• Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST 800-53, SOC-2, HIPAA, PCI-DSS, ISO 27001 / ISO 27018, HITRUST, and ISMAP.

Preferred Qualifications:

• Bachelor’s degree required: BS in Computer Science, Information Security, or related field.
• A minimum of 2+ years of experience in the field of Information Security, Cybersecurity, Audit, and/or Compliance is required.
• STRONG project management skills/abilities. Must be able to bring order to chaos. 
• 2+ years of SaaS or Cloud security experience is desirable.
• Deep knowledge of at least two or more security frameworks NIST Cybersecurity Framework controls, COSO Risk Framework, NIST 800-53, ISO, and the ability to determine measures that will satisfy controls, design controls, and determine solutions are strongly required.
• At least 1 professional security management certification: e.g. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Security Auditor (CISA)
• Knowledge of industry cloud technologies such as Azure, AWS, or similar
• Ability to quickly adapt to shifting priorities, demands, and timelines through both analytical and problem-solving capabilities
• Experience with GRC tools, technology, and implementation

Other Competencies:

• Project Management: Plan and manage several projects to meet compliance and security requirements. Effectively communicate with other teams at Okta during the entire project cycle. 
• Understanding of security functions including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management
• Self starter and leading initiatives in key areas that could lead to potential non-compliance

#LI-JB2