Sr. GRC Security Compliance Analyst

We’re looking for problem solvers, innovators, and dreamers who are searching for anything but business as usual. Like us, you’re a high performer who’s an expert at your craft, constantly challenging the status quo. You value inclusivity and want to join a culture that empowers you to show up as your authentic self. You know that success hinges on commitment, that our differences make us stronger, and that the finish line is always sweeter when the whole team crosses together.

Position Overview :

Alteryx is searching for a Senior Analyst, Information Security Governance that will drive the development, collaboration, editing, review, approval and publication of process and policy documentation in support of our core security initiatives and services. Primary focus will be on the development of process documentation and cyber security related policies / standards / directives. Responsible for independently authoring information security policies, standards and procedures following established document formats / templates. Broadly socialize draft policies, standards, and procedures documents to solicit feedback from key internal and external stakeholders, driving updates and maintaining version control. Establish and adhere to quality control standards for creating and internally publishing information security policies, standards, and procedures for the company. Communicate with internal and external stakeholders about information security policies, standards, and procedures.

Required Skills & Job Responsibilities :

A minimum of one (3) + years’ experience in one or more of the various information security related disciplines (e.g., policy, governance, risk management, compliance, records management).

Serves as an information security liaison to cross-departmental stakeholders in connection with business activities, establishing solutions that integrate security requirements with business priorities.

Under general supervision, writes a wide variety of documents including formal policies and procedures, process flow maps, how-to guides, job-aides and reference manuals, cheat sheets, and instructions in a clear, accurate, and succinct manner.

Reviews current policy and procedure documents for thoroughness. Drafts and submits improvement recommendations to appropriate approver and / or subject matter expert(s) for review. Edits and submits final documents using appropriate systems and processes.

Conducts security related risk assessments (e.g., Policy / Procedure Review, Operational Review, Vendor Review, Contract Review, InfoSec Audit) to understand the risk landscape and to target mitigation steps.

Communicates with information security leadership and business stakeholders on issues raised during all reviews. Assists with development of action plans for issues / gaps identified during reviews and works with stakeholders to determine appropriate monitoring and testing routines.

Monitors developments to maintain knowledge of current information security issues, ensuring ongoing compliance with requirements from laws, regulations, and global standards.

Performs other duties and projects as assigned.

Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action.

Follows policies and procedures; completes tasks correctly and on time; supports the company’s goals and values.

Demonstrates knowledge of, adherence to, monitoring and responsibility for compliance with federal, state, and other laws as they pertain to this position.

Knowledge of GDPR, CCPA, and familiarity with PDPA and APPI privacy regulations.

Demonstrates basic understanding of data protection laws and regulations, fair information practices, core data protection principles, and information security related frameworks.

Valued Skills :

Bachelor’s degree in an IT or business field preferred, particularly with an emphasis on cybersecurity.

Possible certifications preferences include : U.S. Certified Information Privacy Professional (CIPP / US), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC)

Find yourself checking a lot of these boxes but doubting whether you should apply? At Alteryx, we support a growth mindset for our associates through all stages of their careers. If you meet some of the requirements and you share our values, we encourage you to apply. As part of our ongoing commitment to a diverse, equitable, and inclusive workplace, we’re invested in building teams with a wide variety of backgrounds, identities, and experiences.