Do you want to help eliminate barriers between ideas and business outcomes? We want you to bring your unique experiences and creative ideas to the table. CA Technologies provides software and solutions that help our customers to develop, manage, and secure complex IT environments to increase productivity and enhance competitiveness in their businesses. It’s our aim to encourage global collaboration and results-oriented innovation, while supporting and developing our talented people and our communities. CA Technologies will empower you to drive authentic success, for both the business and yourself in the application economy.

The CA Veracode IT Risk/Compliance Analyst is responsible for oversight and coordination of the Governance, Risk and Compliance (GRC) program within IT Security.  This role will report into the Information Security Engineering Team.

Responsibilities:

• Directly responsible for procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
• Establish and oversee formal risk analysis and self-assessments program for various Information Services systems and processes.
• Drafts responses to questionnaires for review and maintains a database to facilitate timely responses.
• Supports Service Organization Control (SOC) and internal audit requirements and activities by assisting in the planning and execution of assessments to minimize disruption on business processes and operational systems.
• Supports efforts to gather documentation and supporting evidence and facilitates external and internal audit requests.
• Help ensure compliance with SOC2/3, FedRAMP, NIST 800 Series
• Establish and run ZenGRC tool for proper controls
• Liaise with Internal Product engineering team to remediate new and outstanding issues; track security-related issues in the GRC system.
• Work with business units to ensure data is properly classified.
• Maintain expertise on security trends through training, research and development in order to mitigate potential security exposures.
• Work with Solutions Engineering team and external clients as necessary.

Required Experience/Skills:

• Bachelor’s degree in CS or other relevant field. Graduate degree or courses a plus.
• 5 or more years of progressive Information Security work experience.
• Advanced knowledge of risk assessment design and delivery.
• Knowledgeable of governance, risk and compliance systems and how to design a GRC frame work.
• Familiarity with some relevant security frameworks such as FedRAMP, ISO 27001, SOC1/2/3, PCI, etc.
• Proven experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance and other stakeholders.
• Relevant knowledge of network engineering, systems engineering and related device engineering as appropriate for your focus area.
• Strong familiarity/working knowledge of industry frameworks such as NIST 800 series
• Ability to prioritize and multitask. Flexibility and adaptability in work approach.
• Strong written and verbal communication skills.

Desired Experience/Skills:

• Professional security management certification: CISSP or CISA preferred

• Knowledge of / experience working with Cloud technologies/environments is a plus