Previous Job
Security Compliance Analyst
Ref No.: 17-14910
Location: Menlo Park, California
Facebook is seeking an experienced Information Security Compliance Analyst to join the Information Security team. This position will be responsible for supporting and driving the design of Facebook's organizational, procedural, and technological security controls within the context of the global regulatory frameworks applicable to Facebook and it's affiliate companies. The position will also help implement, automate, and maintain controls necessary to support a successful information security compliance program while supporting and responding to inquiries from internal and external stakeholders.
An ideal Information Security Compliance Analyst is someone with a strong background in technical security compliance or a related field, either in industry or via professional services. Successful candidates will be expected to have a passion for deepening their technical knowledge of the broad aspects of information security, while organizing disparate controls, policies, and processes into a unified view of Facebook and it's affiliates. This role requires a broad mix of business and technical acumen coupled with polished communication and a strong desire to learn. This role is located at our headquarters in Menlo Park, CA.
Understand technical implementation details necessary to support the design of practical and scalable security controls to mitigate risks
Help to maintain Facebooks suite of unified security controls and policies
Support the development of required corrective action plans relating to security risks and compliance requirements
Support the implementation and maintenance of technical security controls required to mitigate risks to Facebook and affiliate companies
Partner with Security Compliance Program Managers to implement security procedures to address compliance requirements
Support security audits by working with internal tools and infrastructure to ensure effectiveness of control implementations and to produce evidence for external audits
Assist with daily technical security activities and functions such as assessing security risks, supporting access escalations, creating and maintaining security reports/dashboards, etc.

Minimum Requirements
Passion for technology, information security, and how Facebook protects and delivers services to its +2 billion users
Does not take a check the box mentality to security compliance
Excellent communication, attention to detail, and project management skills a must
Experience and passion for working with fragmented data to report meaningful metrics and identify actionable insights
6+ years of experience successfully supporting technology security assessments for highly distributed web applications
Strong understanding of one (1) or two (2) of the following security compliance frameworks, controls, and best practices: AICPA
Trust Principals (SSAE 16/18 - SOC 2 and 3), ISO 27000 Series, OWASP Top 10, PCI DSS, SANS CIS Critical Security Controls, regulations governing personally identifiable information (PII/PHI - HIPAA/Hi-Trust), and other applicable regulatory compliance frameworks
Experience working with security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
Ability to work independently and collaboratively across various levels cross functionally
Strong desire to learn and continuously deepen technical skills
Security consulting experience or related professional services/consulting background strongly preferred