Senior Cyber Security and Compliance Analyst

Location:Australia, Melbourne, Sydney
Job Type:Full Time

Cyber Security & Compliance Senior Analyst (IC3)

This position reports to: Manager - Security and Operations Compliance, APJ

ServiceNow is changing the way people work. With a service-orientation toward the activities, tasks and processes that make up day-to-day work life, we help the modern enterprise operate faster and be more scalable than ever before.

We’re disruptive. We work hard but try not to take ourselves too seriously. We are highly adaptable and constantly evolving. We are passionate about our product, and we live for our customers. We have high expectations and a career at ServiceNow means challenging yourself to always be better.

What you get to do in this role:

We’re looking for a highly motivated, collaborative and technically experienced Security & Compliance Senior Analyst with ability to understand and influence cloud operational and security processes, effectively communicate ServiceNow’s controls including intent, and drive changes within the organization through effective testing. The successful candidate must be reliable, resourceful and have a “can-do” attitude.

You will be a key member of our team and play an important role in defining the Security and Compliance framework for a leading cloud company. In this role you will be required to demonstrate ability to analyse difficult problems, think out-of-box and provide pragmatic solutions and recommendations.

ServiceNow current compliance initiatives are focused on, but not limited to ISO 27001, ISO 27018, IRAP, MTCS, Korean ISMS, PCI, SSAE 18, SOC 2, HIPAA, 21 CFR Part 11, and NERC CIP. Security and Compliance Senior Analyst will be involved in driving and measuring compliance for the cloud business systems, control areas, process, and product for company compliance initiatives.

Responsibilities:

  • Successfully drive security compliance testing activities across various teams within the organisation
  • Lead with successful completion of security risk assessmentactivities
  • Contribute by enhancing and maturing the existing common controlframework
  • Perform activities to help measure and monitor compliance with company policies and procedures
  • Facilitate customer and certifier requests and information gathering for audit activities and lead onsite audits.
  • Help our customers understand ServiceNow’s security and compliance control environment
  • Contribute in enhancing our GRC tool and processes to meet compliance business needs
  • Develop/Enhance dashboard for management level reporting

In order to be successful in this role, we need someone who has:

  • 8+ years working in the field of cyber security compliance, security risk or audit
  • Direct and recent working experience with at least two of the following compliance programs: IRAP, MTCS, Korean ISMS, ISO 27001, PCI, SSAE18, SOC2, HIPPA, 21 CFR Part 11, and/or FedRAMP.
  • Prior experience working in the Security and Compliance group at a SaaS/Cloud company or with Security and Risk practice of a Big Four firm
  • Relevant professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, PMP
  • Demonstrated experience managing large projects
  • Experience with GRC systems
  • Demonstrated experience to highlight depth of compliance requirements knowledge and experience that enables complex analysis and advice to functional management
  • Excellent report writing skills, ability to prepare compliance reports and associated metrics
  • Excellent verbal and written communication skills
  • Be able to work effectively with other members of the GRC organization to drive results

It is a requirement of this position that the successful candidate must be an Australian Citizen and currently hold or obtain a minimum Australian Baseline Security Clearance

Work Environment

We provide competitive compensation, generous benefits and a professional atmosphere. This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business.