Lead Security and Privacy Compliance Analyst

About Zone & Co.

Zone & Co is a leading SaaS company committed to freeing finance teams from the limitations of clunky, disparate systems and manual processes. Our rapidly growing portfolio of solutions is built on the oracle NetSuite platform (the leading cloud-based ERP software platform) and offers advanced automation and integration solutions to a wide spectrum of business-critical functions, including complex billing & revenue recognition, to off-the-shelf advanced reporting, Payroll, AP automation, payments, reconciliations, approvals and more. 

Zone helps over 3,000 companies worldwide work smarter, faster and more securely, whilst maximizing platform value. We do this with a growing innovation-minded team with employees, based across North America, Europe and Asia Pacific. 

Our journey is exciting and we welcome talented individuals looking to grow alongside us. If this sounds interesting to you, we’d love to hear from you!

Learn more at www.zoneandco.com or follow us on LinkedIn: linkedin.com/company/zoneandco.

About the job

The Lead Security and Privacy Compliance Analyst plays a critical role in ensuring Zone's adherence to legal, regulatory, and professional standards in data protection and business practices. This involves overseeing compliance with laws, regulations, and internal requirements, as well as supporting audits for SOC 1, SOC 2, and ISO 27001.

Reporting to the Senior Director of Security and Information Technology within the Information Security team, this position collaborates closely with other teams to establish, develop, implement, and maintain robust security and privacy compliance programs. Key responsibilities include identifying and mitigating internal and external security and privacy risks, developing and updating IT policies and procedures, managing audit engagements, and collaborating with internal and external stakeholders to address compliance issues.

 This role involves the development of new IT policies and procedures, the maintenance of existing protocols, the coordination of audit procedures with internal audit teams and external partners, and active engagement with colleagues across Zone and Co to evaluate the current state of compliance.

To excel in this role, the Lead Security and Privacy Compliance Analyst must possess a diverse skill set encompassing IT systems, applications, infrastructure, security, audit, and risk assessment. They must prioritize effectively, distinguishing between urgent and less pressing issues.

 Ultimately, the role is accountable for safeguarding Zone's data, reputation, and operational continuity by effectively managing risks and ensuring regulatory compliance.

Responsibilities:

• Supporting the Information Security team with ongoing compliance efforts related to SOC 1, SOC 2, ISO 27001, and other certification, along with general state, federal, and international privacy, and security requirements.
• Take point on all internal and external audits and related artifacts.
• Develop and implement a comprehensive security risk management framework, ensuring it aligns with industry best practices and regulatory requirements.
• Ensure the organization complies with relevant industry standards, regulations, and contractual obligations related to security.
• Ensuring the organization complies with Federal, State and International regulations and policies as they relate to privacy and security.
• Oversee regular security risk assessments to identify potential vulnerabilities and develop strategies to mitigate risks effectively.
• Oversee the development, implementation, and maintenance of security and privacy policies, procedures, and protocols.
• Maintaining a matrix of client compliance requirements and performing regular compliance reviews.
• Stay current with emerging security threats, trends, and technologies to ensure the organization remains proactive in its security posture.
• Provide guidance and support to business units on security, privacy, and compliance matters, acting as a subject matter expert.
• Collaborate with internal stakeholders to ensure security and privacy controls are implemented and maintained across the organization.
• Coordinate audits and assessments to assess the effectiveness of the security risk management program and ensure compliance with applicable regulations.
• Develop and deliver security and compliance awareness training programs to educate employees on security risks, best practices, and compliance requirements.
• Develop and maintain relationships with external partners, regulatory bodies, and industry organizations to stay informed of regulatory changes and collaborate on security initiatives.
• Foster a culture of security awareness and accountability throughout the organization by promoting best practices and maintaining an effective risk management program.
• Provide regular reports and updates to senior management and stakeholders on the state of security risk and compliance.
• Evaluate and recommend security tools, solutions, and services to enhance the organization's security, privacy, and compliance posture.
• Supervise and mentor more junior team members.
• Continuously assess and improve the organization's security, privacy, and compliance programs.
• Assist in the development and implementation of Business Continuity Planning and testing.
• Maintain Zone's trust portal and manage access for existing and prospective customers.
• Monitoring the implementation of any prescribed corrective actions resulting from client assessments.
• Conducting interviews and discussions with a variety of client stakeholders, including IT system personnel such as Information System Security Officers (ISSOs) and system administrators
• Conduct and manage third-party risk assessments.

Requirements

• Good working knowledge of compliance, security, governance, audit, and risk concepts and practices.

• In-depth understanding of common security and privacy standards, regulations, and laws relating to a cloud software development company (e.g., SOC 1, SOC 2, ISO 27001/2, ISO 27017).
• 5+ years' experience in performing information security audits, risk assessments, cyber risk management, or compliance.
• Experience in vulnerability management, including lifecycle, follow-up, and reporting.
• Ability to work independently.
• Proficient in documenting risk and compliance activities, including how to ensure documentation is actionable rather than for the mere sake of compliance.
• Experience in performing information security audits or risk assessments and familiarity with conducting security auditing processes professionally.
• Excellent interpersonal, communication, and presentation skills and a level of professionalism in dealing with third parties.
• Experience in developing security standards and guidelines based on best practices and industry standards.
• Advanced computer skills and excellent written and oral communication skills.

Nice-to- have:

• At least 5-10 years of compliance experience.
• Knowledge of securing cloud based solutions (AWS, Azure)
• Certifications: CISA, CRISC, CISSP, CISM, CCSP, AWS Security
• Management of regulatory, internal, or external audits, or experience as an auditor.
• Familiarity with using or implementing Governance, Risk, and Compliance (GRC) products/solutions.
• Experience reviewing and redlining security terms in contracts.

Benefits

At Zone, our benefits are designed to enrich your life beyond the workplace. Recognizing that work is just a fraction of your overall life experience, we are dedicated to providing robust support. As a fully remote company, we prioritize flexibility and balance. Explore our comprehensive list of benefits at Zoneandco.com. 

Zone and Co is an Equal Opportunity Employer committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, age, national origin, disability, protected veteran status, gender identity, or any other factor protected by applicable federal, state, or local laws.

We strongly encourage candidates of all different backgrounds and identities to apply. This is an opportunity for us to bring in a different perspective and we’re eager to further diversify our company. Zone & Co is committed to building an equitable, inclusive, and supportive place for you to do some of the greatest work of your career.