IT Security and Compliance Analyst

Security and Compliance Analyst

Job Summary: We are seeking a highly skilled and motivated Security and Compliance Analyst to join our dynamic team. The ideal candidate will play a crucial role in ensuring the security and compliance of our organization by supporting the implementation of ISO 27001 and conducting internal audits. The candidate should also have expertise in other compliance standards such as SOC 2, HIPAA, FedRAMP, and other relevant frameworks. This position requires a detail-oriented individual with strong analytical and communication skills and solid understanding of security concepts, processes, and technologies.

Job Responsibilities:

1. ISO 27001 Implementation:
   • Support the implementation of ISO 27001 Information Security Management System (ISMS) program and relevant certifications.
   • Collaborate with cross-functional teams to establish and maintain security policies, procedures, and controls.
2. Internal Audits:
   • Plan, execute, and manage internal audits to assess compliance with ISO 27001 standards and other relevant standards.
   • Identify areas of improvement and provide recommendations for enhancing security and compliance measures.
3. Compliance Standards:
   • Stay current on industry-specific compliance standards such as SOC 2, HIPAA, FedRAMP, and others applicable to the organization.
   • Implement and manage compliance programs to meet regulatory requirements.
4. Risk Management:
   • Conduct risk assessments and work with relevant teams to develop mitigation strategies.
5. Documentation and Reporting:
   • Maintain accurate and up-to-date documentation related to security and compliance activities.
   • Prepare and deliver reports to management on the status of security and compliance initiatives.
6. Collaboration:
   • Collaborate with internal teams, external auditors, and third-party vendors to facilitate compliance assessments and audits.

Qualifications:

• Bachelor's degree in information security, Computer Science, or a related field.
• Professional certifications such as CISA, CISSP, ISO 27001 Lead Auditor, or equivalent.
• Proven experience in implementing ISO 27001 and conducting internal audits.
• Familiarity with other compliance standards such as SOC 2, HIPAA, FedRAMP, etc.
• Strong understanding of risk management principles and methodologies.
• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Experience with GRC tools.

The US base salary range for this full-time position is $120,000-$165,000. Fortinet offers employees a variety of benefits, including medical, dental, vision, life and disability insurance, 401(k), 11 paid holidays, vacation time, and sick time as well as a comprehensive leave program.

Wage ranges are based on various factors including the labor market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.

All roles are eligible to participate in the Fortinet equity program, Bonus eligibility is reviewed at time of hire and annually at the Company's discretion.

#LI-BHAVYA