Acquia empowers the world’s most ambitious brands to create digital customer experiences that matter. With open source Drupal at its core, the Acquia Digital Experience Platform (DXP) enables marketers, developers, and IT operations teams at thousands of global organizations to rapidly compose and deploy digital products and services that engage customers, enhance conversions, and help businesses stand out.
Headquartered in the U.S., Acquia has been named a top software company by The Software Report and rated a leader by the analyst community. Acquia’s India office is a Great Place to Work certified organization. We are Acquia. We are building for the future and we want you to be a part of it!
The Information Security Analyst will design, plan, implement, and operate Acquia’s Information Security Programs, both internal (e.g., IT and business systems) and external (e.g., products and APIs), under the direction of the Principal Compliance Auditor and Risk Analyst, who reports to the Chief Information Security Officer. Working in a highly technical and complex environment, this position is responsible for executing the internal efforts that support external compliance audits and risk management activities. The role will execute internal assessments, work with business teams to remediate and track any findings, and collect evidence for, represent Acquia to, and communicate with relevant third-party assessors. The role will also help analyze Information Security protections; document vulnerabilities, risks, and exposures and communicate them to the appropriate stakeholders within the organization; advise on and/or implement recommended process and tool enhancements; and ensure that improvements to existing policies, procedures, and practices are carried through by supervising corrective action plans.
The primary duties, tasks, and responsibilities for this role include, but are not limited to, the following:
- Plan, execute, and report on internal audits of select systems, locations, products, and services.
- Lead delivery and monitoring activities for individual compliance frameworks.
- Provide technical expertise to security risk assessment and threat evaluation to ensure the proper controls are deployed to reduce or manage the defined risks.
- Support vendor risk assessments, project risk assessments, change request risk assessments, business impact assessments, annual enterprise risk assessments, and vulnerability and penetration testing.
- Review assigned organizational policies and activities in accordance with departmental standards, as well as the Standards for the Professional Practice of Information Security.
- Review vulnerability reports and remediation work papers, ensuring that the results of reviews of assigned activities, and the actions management is recommended to take, are documented effectively for easy follow-up. Enable management reporting to the board through this documentation.
- Participate in developing and implementing a detailed system security plan and other relevant materials that document, for auditor consumption, the policies and procedures in place, taking into consideration the risk assessment, management’s goals and objectives, budget, staffing requirements, and customer contractual requirements.
- Participate in special projects or studies such as fraud investigation, risk assessments, due diligence acquisition reviews, information security policy updates, incident response, etc.
- Develop and maintain a maturity roadmap, training, metrics, and key performance indicators that demonstrate readiness, enable identification of gaps, and improve resiliency.
- Lead projects involving cross-functional teams to develop new business continuity capabilities, remediate gaps, and continuously monitor and improve resiliency to align with changing business needs.
- Help drive the socialization, adoption, implementation, ongoing maintenance, and evolution of the Information Security and Resiliency programs across the enterprise.
- Support CISO and business during real-time disruptions, and act as backup during crisis events which may occur during or after working hours.
The additional duties, tasks, and responsibilities for this role include, but are not limited to, the following:
- Assist with the delivery and monitoring activities for existing security and privacy programs, with a 100% completion rate on external audits including ISO 27001, PCI DSS, SOC 1 and SOC 2, FedRAMP, HIPAA, and IRAP.
- Facilitate security and privacy awareness on an ongoing basis.
- Partner with clients to support their security and privacy programs, including, but not limited to, engagement with client requirements in the following verticals: biopharmaceutical, financial services, healthcare, international public sector (federal and local), education, aerospace and defense, and energy.
- Partner with the Global Resiliency Manager on the maintenance and execution of the Acquia Business Continuity and Disaster Recovery Program.
- Enter and manage risks in the risk register, supporting the Risk Manager.
The qualifications for this role include the following:
- Bachelor’s or Master’s degree in Accounting, Information Systems, Computer Science, Engineering, or a similar major
- Minimum 3 years of professional experience in Information Security
- Demonstrated familiarity with global industry security and privacy standards, frameworks, and regulations, including IRAP, PCI DSS, ISO 27001, the Trust Services Criteria, HIPAA, GDPR, CCPA, and FedRAMP
- CISSP, CISA, Security+, or GSEC certification preferred but not required
- Broad information security experience across IT, the LAMP stack, Kubernetes, and Drupal
- Experience with SaaS technologies, preferably as it pertains to information security
- Advanced knowledge of network and application vulnerability assessment, IT practices, risk assessment practices, change control, data privacy, and business continuity
- Strong ability to research and gather information from both business and IT functions.
- Strong analytical and problem-solving skills to resolve issues promptly as they occur.
- Strong ability to work collaboratively and cooperatively with all employees irrespective of their status in the organization.
- Ability to lead junior staff in information security related tasks
- Experience working with prevailing cloud environments and technologies: AWS, Azure, GCP, Jenkins, TravisCI, Puppet, Chef, Kubernetes (K8s), Docker, containers, etc.
- Highly motivated, overachiever, team player
- The drive to work with an experienced, motivated leadership team focused on building a significantly sized company in a short timeframe
- A passion for excellence, including an innate desire to build a metric-driven business
- Excellent thought leadership traits, with the ability to successfully drive fundamental changes in web strategies
- Strong analytical and writing abilities
- Exceptional presentation skills
- Strong work ethic
Acquia is an equal opportunity (EEO) employer. We hire without regard to age, color, disability, gender (including gender identity), marital status, national origin, race, religion, sex, sexual orientation, veteran status, or any other status protected by applicable law.