Senior Risk and Controls Analyst
Job Title: Senior Risk and Controls Analyst
Department & Organization: IT
Level: Professional
Location: Boston, MA
About Acquia:
Acquia is transforming the digital strategies of companies all over the world with our open cloud platform. We are passionate and relentlessly committed to helping our clients create digital experiences that are more relevant, personalized, and built for a fast-changing, always-connected, mobile-first world. Headquartered in the US, we have been named as one of North America’s fastest-growing software companies as reported by Deloitte and Inc. Magazine, and have been rated a leader by the analyst community and named one of the Best Places to Work by the Boston Business Journal. We are Acquia. We are building for the future of the web, and we want you to be a part of it.
Position Overview:
Acquia’s global Information Security team is seeking a Senior Risk & Controls Analyst to work in our Boston, MA office. In this role you will be responsible for driving best practices across the organization to promote compliance with existing regulatory and audit processes in addition to the evaluation of emerging standards and regulations to be integrated into the organization. This role reports to the Manager of Risk and Compliance.
- This role will primarily be responsible for managing regulatory/external audit activity, including but not limited to audit deliverable coordination, on-site audit coordination and management, and audit activities. Audits include those from Payment Card Industry (PCI), Service Organization Controls Reporting (SOC), International Organization of Standardization (ISO), Federal Risk and Authorization Management Program (FedRAMP), and others.
- This role requires collaboration with stakeholders at all levels of the organization; therefore, candidates should demonstrate skillful communication, flexibility, and conflict resolution skills.
Responsibilities include, but are not limited to:
- Document, retain, report and clearly articulate audit-related information (i.e., scope, findings, recommendations, corrective action plans, and status) and documentation to leadership
- Manage multiple audits and collaborate across multiple business segments
- Work with various internal groups to gather needed information for audits
- Act as the gatekeeper for audits and support the collection of data
- Monitor changes in requirements to mitigate risks and achieve compliance
- Analyze, understand and articulate regulatory and contractual requirements and apply identified requirements to business operations when supporting regulatory/external audits
- Facilitate contract negotiation for compliance-related language
- Perform additional duties as requested or required by management
Minimum Qualifications:
- 4+ years of experience working with compliance standards such as PCI, NIST, FedRAMP, SOC, ISO
- Intermediate level of proficiency with MS Word, Excel and PowerPoint
- 4+ years of experience in compliance, privacy and/or regulatory affairs or with supporting audits in a highly regulated industry
- Undergraduate degree
Preferred Qualifications:
- Certification in risk, audit, privacy or other related areas