Data Security/ Compliance

Sr. Risk and Compliance Analyst

At Deem, we create powerful, intuitive solutions for booking and managing corporate travel. Deem puts the traveler at the center of everything we do.  Travelers can manage their corporate travel needs with ease and on the fly, while companies can apply policy and control costs.  

Deem's mission is to transform travel while expanding our footprint in the marketplace. There is enormous opportunity to impact the company and innovate travel, while working with a team that has a shared passion for taking the company to the next level. The company is headquartered in the San Francisco Bay Area with offices in Bangalore, India and Dublin, Ireland.

Deem is a wholly owned and independently run subsidiary of Enterprise Holdings, Inc (EHI), the world’s largest mobility provider, and an industry leader in mobility and technology. Deem has the benefit of being a subsidiary of EHI while having a start-up feel and an agile approach. 

The focus of this role is to manage Deem’s Risk and Compliance across the organization. You will be developing, maintaining and improving required solutions with the aim of protecting Deem’s and our clients' most important assets and intellectual property. What's unique about this role is that it will help transform security into an enabler of innovation.

What you'll be doing

  • Drive and coordinate all IT security compliance assessments and audits (PCI, SOC2, etc.)
  • Own and mature IT Risk Management framework implementation and underlying risk management processes
  • Establish and drive targeted firmwide security campaigns to enhance security awareness
  • Develop core relationships with internal and external stakeholders, provide security input and manage due diligence processes
  • Collaborate with the rest of the security team and act as point of contact for risk and compliance
  • Interact with business leaders and customers for contract reviews and security policy negotiations
  • Heavily contribute to global privacy policies and help ensure conformance
  • Lead third party security assessments and oversee remediation efforts
  • Participate in planning for DR and BC programs
  • Manage and mature Open Source and proprietary software license compliance
  • Work with the process and control owners to achieve uniform control implementation and testability
  • Develop, maintain, and report on key risk metrics
  • 8+ years of experience in Information Technology or Information Security Governance, Risk & Compliance
  • Hands-on experience with managing or leading internal/external compliance assessments (PCI-DSS, SOC2, ISO27K2 etc.)
  • Experience in successfully implementing and managing security frameworks such as NIST CSF
  • Exposure to SDLC with a company that has a commercial software application with SaaS being ideal
  • Solid understanding of cloud native technologies and the associated risks
  • Strong project & time management skills
  • Inspirational innovation through thought leadership and "always pushing the envelope" technology strategy
  • Some experience in SQL & NoSQL databases
  • Good understanding of CI/CD pipeline strategies and modern SDLC methodologies
  • Linux & Windows proficiency
  • Proficiency in security configuration assessment and vulnerability management tools
  • Usable experience in Configuration Management tools such as Chef, Puppet, or Ansible
  • Good virtualization experience and understanding of the associated risks
  • Understanding of source code control systems such as Perforce, Git, GitLab preferred
  • Experience with Data Governance / Privacy / GDPR / CCPA