Senior Compliance Analyst

Domo•American Fork, UT

3d•Onsite

About The Position

Domo's AI and Data Products Platform lets people channel AI and data into innovative uses that deliver a measurable impact. Anyone can use Domo to prepare, analyze, visualize, automate, and build data products that are amplified by AI. This position requires you to be in office 5 days a week. The Senior Compliance Analyst is a key member of Domo’s Compliance team responsible for evaluating and supporting compliance initiatives covering information security, policy, risk management, data classification, vendor management, privacy, audit, and awareness. This position assists other members of the Compliance team with designing, developing and implementing information security policies and documentation, assessing compliance with existing policies, and overall compliance with security-related requirements from customers. Also, this position assists with performing security assessments and monitoring and tracking compliance status; developing and improving processes, procedures, standards, and guidance; providing guidance on security control implementation; and defining and implementing process improvement and maturity initiatives. The position will also be responsible for assisting in developing policies and procedures and evaluating risks and controls to support the company’s Federal Information Security Management Act (FISMA) Security Accreditation (FedRAMP), ISO 27001, ISO 27018, SSAE 18, HITRUST, and other regulatory and compliance initiatives. Success in this role requires a good understanding of information security best practices, strong security knowledge, ability to understand and communicate risk and controls, organization, planning, good communication and writing skills.

Requirements

Bachelor's degree in Computer Science, Information Technology or related field
Minimum of 3 years’ experience in compliance, audit, and/or information security
CISSP, CISA, CCSA or equivalent certification required
Familiarity with enterprise-level compliance tools such as ServiceNow, Archer or other industry equivalent software
Knowledge and experience in NIST SP 800-53 Rev 4, ISO 27001, ISO 27018, SSAE 18, HIPAA and HITRUST
Experience in cloud based environments for production applications, including Amazon Web Services, Microsoft Azure or other large scale cloud deployment
Understanding of risks and controls as they pertain to information security and data privacy
Interpersonal skills to work as a team member and as a liaison
Excellent verbal communication, presentation, organizational and planning skills

Responsibilities

Work with internal stakeholder engineering teams to document the implementation of security compliance control implementations for technical, management, and operational requirements
Collect and document technical architecture, operational processes and security policies from multiple internal engineering teams
Assist with gap analysis of current policies, procedures and practices as they relate to established guidelines outlined by NIST, FISMA, HIPAA, and other regulatory standards
Perform risk assessments of technology infrastructure and operational processes and controls for assigned areas
Build and maintain the controls matrix, in alignment with multiple compliance frameworks, including SOC 1 & SOC 2, ISO 27001, ISO 27018, HITRUST, and HIPAA
Assist in establishing rules for risk analyses and security assessments which includes addressing controls defined by NIST SP 800-53 for both business operations and technical implementations throughout the company
Assist in and develop information security training and awareness programs
Perform vendor security assessments and interface with vendors on occasion

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume