Sr Security Policies and Training Analyst
Ref No.: 17-13536
Location: Palo Alto, California
Job Description

Title: Sr Policies and Training Analyst
Department: Infrastructure and Security
Location: Palo Alto, CA
Reports To: Sr. Director, Security and Privacy Governance


Client, Inc. is the leading provider of collaborative business commerce solutions. Client combines industry-leading software as a service (SaaS) technology to optimize the complete commerce lifecycle with the world's largest web-based community to Client, connect and collaborate with a global network of trading partners and expert capabilities to augment internal resources and skills, delivering everything needed to control costs, minimize risk, improve profits and enhance cash flow and operations; all in a cloud-based environment. Whether you're buying, selling or managing cash, you can do it more efficiently and effectively in the Client® Commerce Cloud. Over 300,000 companies, including more than 80 percent of the Fortune 500, use Client's solutions to drive more efficient inter-enterprise commerce.

Security and Privacy are vital components of CLIENT Client's success as a cloud company. Our customers entrust us with their Confidential Business Transactional Data and some Personally Identifiable Information because of the value that we add by processing that data for them. If you want to be a game changer in building confidence in the cloud for our customers, consider joining our team. We are looking for ambitious people who thrive in a dynamic environment, and are passionate about security and ready for a challenge. Success will depend upon building rapport and credibility with multiple stakeholders across CLIENT Client. As a leader in Cyber Security, this candidate will have opportunities to mentor, support, and contribute to goals and initiatives that ensure the secure usage of technology, industry standards, and best practices.

CLIENT Client's Security, Privacy and Governance (SPG) team is responsible for identifying, assessing and managing threats, vulnerabilities, and associated risks to Client's information assets and resources. This includes providing expertise and partnership in operating and maintaining various integrated security technologies to protect the integrity, confidentiality and availability of all information resources throughout a highly distributed cloud environment.

The Policy and Standards analyst is accountable for driving the Security and Privacy policies in line with industry frameworks and CLIENT policies. This will involve baselining and gap analysis against industry standards and best practices. The analyst must also stay abreast of new developments in Information Security related technologies and practices both internal and external to CLIENT, to assess them and measure the potential business impact. The analyst will also be responsible for maintaining Security and Privacy awareness across the business.

Primary Responsibilities:

* Maintain CLIENT Client Security and Privacy policies and standards in line with industry standards and CLIENT and Client policies.

* At least once every 12 months, review each policy with the key stakeholders and update it under change control as needed.

* Draft new or changed policy documents, and store and track them, while adhering to CLIENT's document lifecycle procedures with archival as necessary.

* Assist departmental stakeholders to develop and/or maintain documents such as process maps, data flow diagrams, standard operating procedures, job aids or guides, etc.

* Manage review, revision and approval workflow for policy documentation with process owners, business owners and subject matter experts.

* Communicate security policy changes to the business and ensure that the relevant departments make an impact assessment of the changes.

* Ensure that there is adherence to established policies across the CLIENT Client enterprise, working closely with other Security, Privacy and Governance team members.

* Work closely with cross-functional team members to develop training presentations and computer-based training modules.

* Raise awareness of Security and Privacy and deliver training programs to the CLIENT Client internal and external workforce.

* Provide consultancy on risk management matters and advise on the implementation of security controls.

* Monitor, assess and communicate new developments in Information Security technologies and practices.

* Work with business owners on remediation plans that address identified gaps based on severity of risk and non-compliance.

* Identify, document and elevate visibility to information risk that creates potential for exposure to the company.

* Apply COBIT5, COSO, ITIL, ISF, OWASP, ISO 27K or NIST frameworks to all documentation and remediation efforts.


* 5+ years of experience in information security and privacy audits and risk/gap assessments.

* Knowledge of Cloud Security concepts, techniques, tools, methods and best practices including DLP, encryption, vulnerability management, GRC, segregation of duties, IT infrastructure and software change management, security, availability, incident handling, and data transmission integrity.

* Understanding of technology use, trends and risks in a business context and environment.

* Ability to communicate complex security risks to non-technical staff.

* Ability to develop and track key performance indicators (KPIs) and metrics for benchmarking and operational success.

* Strategic mindset to ensure a clear focus on the go-forward agenda, and the ability to make risk-based decisions that balance cost, opportunity and risk.

* Knowledge of key security and privacy principles and standards including SOC 2, PCI-DSS, BSI, and regulatory requirements (GDPR, etc.).

* Experience with questionnaire-based interviews and investigations, technical writing of policies, SOPs and guides, and authoring tools such as Adobe RoboHelp.

* Capable of producing high quality output and documentation with attention to detail and following best in class design and delivery methods, tools and standards.

The ideal candidate will also have the following qualifications and skills:

* Business acumen and a track record of working with internal teams and external parties to see the "big picture", understand technical architectures, perform gap analysis against requirements and achieve business goals.

* Knowledgeable in Cloud Security, Application and Web Application Security, and the concepts, techniques, tools, methods and practices used to secure them.

* Demonstrated self-starter qualities of independence, initiative and creativity.

* Organized and execution/results oriented with excellent planning and multi-tasking abilities.

* Strong verbal and written communication skills and ability to influence others.


* Bachelor's Degree in MIS, Computer Science, or other related field, with a focus on Information Security.

* Industry certifications including CISSP, CRISC, CISA, CISM and/or CRMA.