Senior Security Governance Risk & Compliance Analyst
BigCommerce is disrupting the e-commerce industry as the SaaS leader for fast- growing, mid-market businesses. We enable our customers to build intuitive and engaging stores to support every stage of their growth.
The number one thing our customers care about is Information Security. The person who accepts this challenge will be able to make a large impact on the maturity of our Information Security Management System. In this role, you’ll be helping guide the work to make BigCommerce a shining example of Cybersecurity best practices. The work involves our PCI DSS and ISO 27001 certification processes, working with our teams to implement risk improvement processes and projects.
BigCommerce is committed to being a leader in Information Security in the ecommerce space. Your skills and your passion for protecting data and ensuring compliance will be a large factor in BigCommerce’s future success.
What you’ll do:
- Assist the Governance Risk and Compliance Manager with maintaining the BC Information Security Management System (ISMS); developing policies, procedures and security standards
- Monitor compliance with regulatory requirements such as PCI DSS, ISO 2700X, CSTAR and liaise with business stakeholders (IT, Product & Engineering, Sales, Marketing, Human Resources etc.) to ensure organizational compliance
- Perform InfoSec risk and control assessments and report on risks to risk owners, recommend mitigation strategies and manage risks through its lifecycle
- Perform scheduled audit and compliance checks against organization policies, document and monitor compliance violations and control improvements
- Build awareness and accountability around IT governance, risk, and compliance control functions
- Articulate InfoSec risk into business terms while engaging with stakeholders, product owners, and software engineers
- Monitor and track exception to policies (ETP) while collaborating with the security operations team to develop and maintain a dynamic and real-time enterprise Risk Register and dashboard
- Leverages technology to aggregate controls, risk and compliance information to rapidly identify and report exceptions
- Serve as liaison to business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., InfoSec best practices, policy and procedure development, employee education and awareness, security exceptions, data privacy)
- Define and deliver appropriate GRC metrics, key performance indicators (KPIs), analytics, and scorecards
- Organize and leads GRC related meetings and prepare meeting agendas and minutes
Who You Are:
- Minimum 5 years of experience in IT and information security.
- In-depth understanding of PCI DSS, ISO2700x as well as industry security frameworks
- Experience in financial services, e-commerce environment and a good understanding of cloud models (SaaS, IaaS and PaaS) is definitively a strong asset
- Advanced knowledge of risk assessment design and delivery
- Knowledgeable of governance, risk and compliance systems
- Excellent interpersonal and communication skills - oral and written (including listening and facilitation skills) to deal with a wide range of stakeholders
- Good influencing skills and ability to adapt to a dynamic, rapidly changing business and technical environment
- Strong analytical skills for defining strategy, operating model and mitigating potential issues with an effective change management plan
- Ability to work independently
- Ability to prioritize and multitask. Flexibility and adaptability in work approach.
- Calmness and clarity of thought under pressure and ability to maintain confidentiality
- Demonstrates team-oriented interpersonal skills; ability to effectively interface with a broad range of people and roles
- Accept responsibility and personal accountability
- Professional certifications such as CISSP, CCSP, CISA, CRISC, CISM are considered a plus
Diversity & Inclusion at BigCommerce
We have the opportunity to build not only a great business, but a great company, with soul. Our beliefs and commitment to diversity and inclusion are a central part of achieving that.
Our dedication to diversity and inclusion is grounded in two things: a moral belief in the dignity, value, and potential of every individual, and a practical belief that diverse, inclusive teams will create the best outcomes for our customers, partners, employees, and company. We welcome everyone to be a part of our journey.