Snowflake is seeking a Senior Security Compliance Analyst to join our Global Security Compliance & Risk team and help drive compliance across Product Engineering & Corporate IT systems. 

The Sr. Security Compliance Analyst will be a critical and high-impact  individual contributor to to help control owners to comply with required controls along with monitoring effectiveness of the controls. This role will report to the Security Compliance Manager within the Security and IT organizations. 

• Support Snowflake business teams to achieve and maintain their security and compliance posture in accordance with regulatory requirements including but not limited to Sarbanes Oxley (SOX), SOC, ISO 27001, ISO, HIPAA, PCI-DSS, HITRUST, FedRAMP, etc.  Validate on-going compliance of policies and process / procedures in support of requirements and ensure that controls are operating effectively.
• Responsible for quality and on-time execution of periodic audit activities such as change management review, SDLC review, audit of release process and CI/ CD, Segregation of duties etc.
• Support and monitor remediation efforts of audit findings and validate the closure by reviewing relevant evidence.
• Conduct risk assessments, identify compliance control requirements for cloud based systems
• Review architecture, integrate compliance and security into solution designs, assess risks of security gaps, and develop remediation plan. Perform follow up activities related to remediate gaps , drive remediation efforts.
• Develop a close partnership with engineering control owners to educate them on compliance requirements and develop risk-appropriate control implementation solutions.
• Review, develop, execute, and maintain security policies and procedures for compliance
• Work on automating control monitoring across compliance domains like Change Management, Secure Development LifeCycle etc 
• Identify process improvements and efficiencies in the existing processes to build robust processes, automate compliance and drive implementation of effective controls.
• Serve as primary point of contact to work closely with cross functional teams - Engineering/ product security/ IT/ corporate security teams to identify risk to the business/ product  and other areas necessary to identify risks to the business
• Work cross-functionally to drive security control implementation for the organization.
• Have the ability to identify risks associated with business processes, operations, information security programs and technology projects.
• Review, develop, execute, and maintain security policies and procedures for compliance.

QUALIFICATIONS :

• 8+ years of related work experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry. Big 4 consulting experience is a plus.
• Must have minimum 2 - 3 years experience supporting and driving SOX (or ISO, SOC, PCI DSS )  readiness and audit (e.g. control design review, control operating effectiveness audit, assessment write -ups and control documentation review,audit evidence upload, supporting audit walkthroughs with auditors, etc.) 
• Prior experience auditing or performing compliance assessments/ risk assessments for cloud environments (AWS, Azure, GCP) and SaaS platforms
• Knowledge of domains like Change Management, Release, deployment, SOD, SDLC , Logging, Encryption controls for systems using Agile Methodologies.
• Familiarity with Change Management tools like Jenkins, GitHub, JIRA, ServiceNow, ArgoCD
• Knowledge in Developer driven risk security and compliance process 
• Certification preferred in one or more of the following: CISA, CISSP, CISM, Cloud platforms
• Ability to organize, conduct and drive meetings and outcomes with little to no manager involvement.  Must be aware of and deliver quality stakeholder engagement experience. 
• Ability to work efficiently and independently in a fast-paced, innovative environment
• Strong analytical, communication (verbal and written), and project management skills
• Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts
• Ability to learn, understand, and work with new emerging technologies, methodologies, and solutions in the Cloud/IT technology space.
• Ability to multitask and manage simultaneous projects