Principal Risk and Compliance Analyst- SAS70 / SSAE 16 Job in Pleasanton, California US
Principal Risk and Compliance Analyst- SAS70 / SSAE 16
GENERAL SUMMARY The EMC OnDemand Information Security Risk Management team is looking for a hands-on individual to work in a fast paced environment. The Principal Risk and Compliance Analyst will assist in designing and implementing an infrastructure for a high growth enterprise cloud computing environment. The ideal candidate should have experience in risk management, auditing, SAS70 and SSAE 16 and Systrust certifications. The candidate should have exposure working within a highly regulated environment for a large publicly traded company. And have an understanding of compliance regulations for data management and privacy related to Sarbanes-Oxley, USA Patriot Act, Gramm-Leach-Bliley Act, California Senate Bill 1386, PCI and HIPAA. The person should ideally have worked in banking, technology, medical or pharmaceutical industries or come from a big-four consulting firm. The individual will develop security risk assessments to identify the impact of vulnerabilities to the enterprise environment; recommend mitigating controls; and drive action plans to implement controls in a controlled time line. The person is expected to be a team player with good problem solving, organizational and verbal and written communication skills. Some business travel may be required. PRINCIPAL DUTIES AND RESPONSIBILITIES Required experience: · A minimum of 8 to10 years of IT security, compliance and risk management experience in support of networks, systems, and security initiatives; · Development of policies, procedures, standards and guideline; · Experience in developing BCP and DR plans; · Have conducted or facilitated SAS70 / SSAE 16 certifications; · Knowledge of Windows Server 2008 R2 and UNIX or LINUX administration; · Cryptography experience with encrypting data in transit and storage; · VMware virtualization; · Compliance regulations see above general summary; · Experience in writing IT security risk assessments using NIST RMF or CERT OCTAVE frameworks; and · Certified as a CISSP, CISA, CPA or equivalent. Supplemental experience may be considered: · Network or host based IDS and IPS (e.g., SNORT, Tripwire, Powerbroker) · Security Incident Event Log applications (e.g., Symantec Security Information Manager, Arcsight ETRM, RSA enVision) · EMC storage · Scripting (Powershell, Perl, UNIX shell scripting) · MS SQL 2008 or Oracle 11g · IIS Web Servers · Identity Access Management (Single sign-on, RBAC, LDAP) · Operations monitoring and incident response background · Bachelors Computer Science degree or higher EMC is an Equal Employment Opportunity employer that values the strength diversity brings to the workplace. EMC does not accept unsolicited Agency Resumes. EMC will not pay fees to any third party agency or firm that does not have a signed "EMC Agency Fee Agreement".