The Basics
The Senior Cloud Compliance Analyst is the focal point for Tanium’s compliance program(s) and has responsibility for internal and external parties, driving high-level processes related to continuous improvement of requirements for ISO 27001, SOC2, plus other frameworks and managing/leading the initiative to support the ongoing compliance requirements and maintenance for Tanium. Acts as a subject matter expert (SME) to ensure that the program’s stakeholders and control owners understand expectations, commitments and dates for recertification timelines.
The ideal candidate demonstrates in-depth knowledge and experience in GRC, compliance frameworks, cloud security controls implementation, compliance auditing, accreditation/certification and the creation of risk management frameworks involved to define needs and goals and guide continual improvement approaches. The Senior Cloud Compliance Analyst should demonstrate command of or acute familiarity with the CSAs Cloud Controls Matrix, with NIST 800-53 / 800-171, with the ISO 27000 series and SOC2, plus other requirements. The Senior Cloud Compliance Analyst is accountable for ensuring that business operations are effectively and consistently in compliance with Tanium’s information and cloud security practices.
What You'll Do
- Security Audit Management:
- Manage the relationships and execution of operational processes related to internal and external audit
- Act as a key initiative driver and SME in in Tanium’s pursuit of industry certifications
- Assess and review new vendors for optimal controls implementation and compliance
- Works with stakeholders and control owners on the collection and uploading of evidence to meet auditor requirements and timelines.
- Ensures day-to-day compliance with relevant laws, regulations, and internal policies.
- Conducts compliance audits and risk assessment.
- Ensures adherence to the implemented controls
- Monitors and reports on compliance status and issues
- Collaborating with IT and security teams to address compliance gaps and works on corrective actions
- Information Risk Reporting:
- Play the lead role in ongoing reporting requirements
- Works as a partner between the stakeholders, control owners and the auditors
- Communicates the program’s expectations, commitments, timelines and the results of findings
- Make recommendations for improvement through concise, high-quality reports
- Security Assurance Program Development and Management:
- Develops and manages the program plan for stakeholder and control owner visibility into tasks, issues/risk and timelines
- Communicates on a weekly basis through status reporting for stakeholders and control owners
- Integrates the tracking compliance frameworks with the requirements of emerging Customer-Facing Cloud Infrastructure Frameworks at Tanium
- Writes and revises Tanium’s System Security Plans (SSP), Plan of Actions & Milestones (POA&Ms), policies, standards, procedures, guidelines and other documentation based on Tanium’s business needs
We’re looking for someone with - Education
- Bachelor's Degree in Computer Science, Engineering, IT, InfoSec or other relevant degree or equivalent work experience
- Experience
- Extensive experience in cloud security and compliance (usually 5+ years for senior roles)
- 5-7 years business/technical/information security/risk compliance experience
- Experience in information security risk analysis, auditing, compliance, policies, and overall governance and communication
- Strong understanding of cloud platforms and of hybrid IT systems, networking, and cloud environments (AWS, Azure, Google, etc.)
- Demonstrated success implementing Information Security control frameworks and standards such as ITIL, CIS Top 20, SOC 2, GDPR, NIST CSF / 800-53, FISMA, and FedRAMP
- Strong knowledge of audit and risk management methodologies, such as COBIT, NIST 800-37/800-30, FAIR
- Experience with GRC, IAM, and risk management tools and solution
- Experience with information security tools and solutions.
- Has delivered an ISO 27001, SOC2 or other frameworks (required)
- Certifications
- CISA, CRISC, GIAC, CISM, or CISSP certifications (preferred)
About Tanium
Tanium delivers the industry's only true real-time cloud-based endpoint management and security offering. Its converged endpoint management (XEM) platform is real-time, seamless, and autonomous, allowing security-conscious organizations to break down silos between IT and Security operations that results in reduced complexity, cost, and risk. Securing more than 32M endpoints around the world, Tanium's customers include Fortune 100 organizations, top US retailers, top US commercial banks, and branches of the U.S. Military. It also partners with the world's biggest technology companies, system integrators, and managed service providers to help customers realize the full potential of their IT investments. Tanium has been named to the Forbes Cloud 100 list for nine consecutive years and ranks on the Fortune 100 Best Companies to Work For. For more information on The Power of Certainty™, visit www.tanium.com and follow us on LinkedIn and X.
On a mission. Together.
At Tanium, we are stewards of a culture that emphasizes the importance of collaboration, respect, and diversity. In our pursuit of revolutionizing the way some of the largest enterprises and governments in the world solve their most difficult IT challenges, we are strengthened by our unique perspectives and by our collective actions.
We are an organization with stakeholders around the world and it’s imperative that the diversity of our customers and communities is reflected internally in our team members. We strive to create a diverse and inclusive environment where everyone feels they have opportunities to succeed and grow because we know that only together can we do great things.
Each of our team members has 5 days set aside as volunteer time off (VTO) to contribute to the communities they live in and give back to the causes they care about most.
What You’ll Get
The annual base salary range for this full-time position is $110,000 to $325,000. This range is an estimate for what Tanium will pay a new hire. The actual annual base salary offered may be adjusted based on a variety of factors, including but not limited to, location, education, skills, training, and experience.
In addition to an annual base salary, team members will receive equity awards and a generous benefits package consisting of medical, dental and vision plan, family planning benefits, health savings account, flexible spending account, transportation savings account, 401(k) retirement savings plan with company match, life, accident and disability coverage, business travel accident insurance, employee assistance programs, disability insurance, and other well-being benefits.
For more information on how Tanium processes your personal data, please see our Privacy Policy