Datasite is the industry leader in technology solutions that enable mergers, acquisitions, initial public offerings, restructuring and other critical capital transactions in more than 170 countries. We provide the world's leading investment banks, private equity firms, law firms and corporations with tools to simplify, streamline and accelerate the due diligence process, helping them close more deals, faster. We are a global team of high-energy, passionate people. We have strong individual voices but we work as a team, bringing out the best in each other. We thrive under pressure and always keep the customer at the heart of everything we do.

Job Description:

Job Summary:

The responsibilities for the Security Compliance Analyst - Senior will be to act as the subject matter expert on implementation, improvement, and daily management of the security client engagement and security awareness program. The individual will also assist development and maintenance of audit and compliance strategies to ensure that policies, standards, procedures, and audit activities are in alignment with business regulatory requirements. Success in the role will be measured by the effectiveness of the security client engagements and the cultural and behavioral integration of the security awareness program by employees, suppliers, vendors and contractors.

Essential Duties and Responsibilities:

• Drive internal and external security compliance monitoring activities, including vendor audits, client audits, RFP/due diligence reviews, internal audits:
  • Evaluate and respond to security related questionnaires
  • Work with auditors to facilitate on and offsite fieldwork
  • Plan & facilitate documentation gathering
  • Report audit findings to appropriate parties
  • Document and respond to any audit findings and recommendations
• Lead Datasite service provider risk assessment processes and audits:
  • Work with business lines to plan and facilitate vendor risk assessments
  • Evaluate risk assessment responses
  • Lead on-site service provider audits (as necessary)
  • Document and report on findings (in accordance with escalation procedures)
• Oversee Datasite management and staff regarding risks and controls pertaining to security-related concepts and compliance and audit requirements
  • Implementing and tracking of annual employee security awareness training
  • Correlation and presentation of security awareness training metrics
• Develop working relationships with business unit staff and management at different organizational levels and locations, data owners, vendors, and clients; use business relationships to maintain awareness of corporate projects that may impact security compliance and facilitate continual awareness of security compliance to business partners
• Proactively produce relevant reports for the Security team and business management
• Miscellaneous duties as assigned

Minimum Experience:

• 3-5+ years working with requirements relating to privacy, data security and governance frameworks including ISO27001, SOC2, and GDPR in a complex organizational environment
• Experience interacting with external auditors and an understanding of internal audit standards, IT general controls, and process control design and testing methods in a complex organizational environment
• Experience with communicating information security responses directly and indirectly with clients and customers
• Experience building and maintaining relationships and keeping informed regarding relevant changes throughout the organization

Additional Requirements:

• Knowledge of security compliance requirements; experience interpreting requirements and communicating their impact to the company
• Excellent communication skills to clearly and concisely communicate security compliance requirements to all levels of Datasite (from staff to SVP); to communicate unusual or problem situations to Security, Legal, and the Business
• Ability to organize work activities and respond to priority changes; ability to lead multiple projects concurrently
• Works under limited supervision; may supervise/mentor less experienced compliance analysts on a project-by-project or informal basis.