Senior Security Analyst (Auditor) at Qualtrics (Washington DC)
The Qualtrics XM Platform™ is a system of action that helps businesses to attract customers who stay longer and buy more, to engage and empower employees to do the best work of their lives, to develop breakthrough products people love, and to build a brand people can’t imagine living without.
Joining Qualtrics means becoming part of a team bold enough to chase breakthrough experiences - like building a technology that will be a force for good. A team committed to diversity, equity, and inclusion because of a conviction that every voice holds value, with a vision for representation that matches the world around us and inclusion that far exceeds it. You could belong to a team whose values center on transparency, being all in, having customer obsession, acting as one team, and operating with scrappiness. All so you can do the best work of your career.
We believe every interaction is an opportunity. Are we yours?
Are you passionate about security in the cloud? Are you looking for a place to put your skills and passion for compliance and risk management to use on the latest cloud-based technologies? Do you enjoy not having the same day twice? If so, Qualtrics is the place for you. We are seeking a Senior Security Analyst (Auditor) to join a highly successful team within a fast-paced growth company.
We are looking for a Senior Security Analyst (Auditor) who is a multi-faceted person with a passion for global audit, compliance, and privacy activities, ensuring administrative, physical and technical safeguards for data protection, including access control, intrusion detection, virus protection, incident response, cloud architecture, cyber, and many other security, privacy, and regulatory considerations. You must possess an excitement for ensuring organizations processes map to policy, regulatory, and industry best practices for data protection and privacy while showing value to others about this important but often feared organizational imperative.
You will contribute to and/or perform internal audits, third-party audits, and inquiries from external auditors and assessment, as well as analyzing customer security requirements, ensuring security and privacy program adequately supports the increasing requirements. Additionally, you will contribute to the development and implementation of security and privacy policies and procedures to address regulatory, compliance, and privacy changes.
The Senior Security Analyst (Auditor) reports to the Associate Manager of Audit & Compliance and will have the following responsibilities:
- Performing IT, infrastructure, cyber, and Software as a Service (SaaS) audits related to information security policy, regulations, governance, and other security-related provisions and best practices.
- Contributing to audit gaps recommendations in software, configurations, policies, procedures, and processes.
- Populating standard security documentation (e.g., SIG, CAIQ) and responding to RFPs.
- Cataloging results, including recommendations, to key stakeholders.
- Contributing to developing metrics and reporting key risk indicators.
- Contributing to tracking global cross-functional team remediation.
This position requires or prefers the following competencies for this position:
- Bachelor's degree with at least five years of relevant technical, business experience, or project management experience is required.
- Experience working with a SaaS vendor is desired, or experience working with cloud service providers will be considered. SaaS company work experience is a plus.
- Knowledge of ISO, HITRUST, PCI, NIST, and SOC.
- Privacy (GDPR, CCPA, etc.) experience is desired.
- Security+ or CISA is required or be able to obtain the required certification within six months of hire.
- Must know industry-accepted practices regarding systems, networks, and a variety of security concepts, practices, and procedures.
- Excellent analytical, strong communications, and soft skills, with the ability to speak to a variety about security and compliance matters.
- Good written and verbal communication skills are necessary.
- Experience with contracts is desired.