# Security Compliance Analyst

**Company:** [Hive](https://hotfix.jobs/companies/hive)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Experience:** 4+ years
**Skills:** ISO 27001, Soc 1, SOC 2, GDPR, CCPA, Cpra, Isms, GRC, Risk Assessment, Cyber Security
**Posted:** 2021-04-17

> Manages risk programs, audits, and compliance initiatives including ISO 27001/SOC audits and privacy laws like GDPR/CCPA. Collaborates with engineering teams on process improvements and supports information security governance. Requires 4+ years in risk assessments and GRC experience.

## Job Description

## Responsibilities
- Manage Hive’s current risk management program
- Manage external and internal audits, including reviewing materials that require attention for accuracy and properly adhering to regulatory expectations
- Implement ISMS in coordination with executive and mid-level management
- Participate in building a comprehensive **Governance, Risk and Compliance** program
- Work with Engineering and Product teams to identify process improvements and efficiencies in areas **change management**, **access management** and general technology process controls
- Provide compliance, risk, and controls expertise to support information security and compliance initiatives
- Protect the business by assisting with **cyber security risk assessments**
- Maintain awareness of industry best practices for data maintenance handling as it relates to your role
- Manage security and privacy training programs
- Adhere to and champion policies, guidelines and procedures pertaining to the protection of information assets
- Manage external security, privacy, and compliance requirements, including both internal requirements for vendors as well as external requirements placed on Hive
- Report actual or suspected security and/or policy violations/breaches to an appropriate authority
- Define, develop, implement, and maintain our policies and processes that enable consistent, effective privacy practices that minimize risk and ensure the confidentiality of protected information, paper and/or electronic, across all media types and comply with applicable privacy laws and regulations

## Requirements
- Bachelor's degree or related experience
- Minimum **4+ years** experience related to conducting risk-based assessment for information systems and/or operations
- Minimum **1+ years** experience running a comprehensive **Governance, Risk and Compliance** program
- Minimum **2+ years** experience leading industry standard (**ISO 27001** or **SOC 1/2**) audits from either side
- Strong knowledge of applicable privacy laws (**CCPA/CPRA**, **GDPR**)
- Ability to communicate in a written and oral format to technical and non-technical audiences in a business-friendly manner
- Demonstrated success in a competitive environment
- Highly self-motivated and ambitious in achieving goals
- Strong team player, but can work and execute independently
- Driven; no one needs to push you to excel; that’s just who you are
- Hungry to learn and actively look for opportunities to contribute
- Highly organized and detail-oriented; can handle multiple projects and dynamic priorities without missing a beat

## Similar roles

- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Detection & Mitigation Engineer](https://hotfix.jobs/jobs/61def9c4-f4a5-41a5-99c6-579a61033a73) - Cloudflare
- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr

**Apply:** https://hotfix.jobs/jobs/188d6ca5-8194-4739-9a95-94fb0e407884
**Canonical:** https://hotfix.jobs/jobs/188d6ca5-8194-4739-9a95-94fb0e407884