Security Compliance Analyst at Sumo Logic

United States

Compensation: Not Specified
Experience Level: Mid-level (3 to 4 years)
Job Type: Full Time
Visa: Unknown
Industries: SaaS, Cloud Computing, Technology

Requirements

  • Located primarily in the US
  • Experience supporting security compliance programs in a SaaS environment
  • Experience with at least 2 of the following: PCI-DSS, SOC2, HIPAA, ISO27001, FedRAMP
  • Strong communication skills
  • Detail-oriented and highly organized
  • Positive attitude under pressure
  • Ability to take ownership of cross-functional projects and complete them on time and on budget
  • Strong skills in communication, security and privacy, and compliance of security controls
  • Ability to work and communicate across various teams and at various levels of the business
  • Knowledge of compliance frameworks such as PCI DSS, ISO 27001, SOC 2, IRAP, and NIST 800-53 / FedRAMP
  • B.S. in Computer Science / Computer Security or related discipline (desired)
  • Cybersecurity certifications such as CRISC, CISM, CISSP or equivalent (desired)
  • Experience working with sales teams (desired)
  • Experience in public cloud environments (desired)
  • Incident response experience or training (desired)

Responsibilities

  • Design, develop, and maintain internal controls in response to security and compliance goals: FedRAMP, SOC2, HIPAA, PCI-DSS, ISO27001, etc
  • Perform security reviews and identify security gaps in architecture resulting in recommendations for inclusion in the risk mitigation strategy
  • Support tooling and automation that facilitate security and compliance related activities and lead to reducing the disruption of audit events
  • Lead planning, coordination and execution of 3rd party-risk assessments and audits
  • Develop and maintain internal and external-facing security and compliance documentation
  • Work with product and engineering teams to maintain compliance baseline in Sumo Logic products
  • Work with internal teams to formulate processes in line with compliance and security controls, hold them accountable for following them, and manage throughout Risk Treatment and Remediation plans
  • Provide direction to management team on compliance goals and statuses
  • Drive periodic reviews, updates, and maintenance of compliance items
  • Interface with external auditors and be a primary point of contact for audits
  • Participate in maintenance of standard security and compliance collateral for marketing and sales activities
  • Support the analysis, classification, and response to cybersecurity risks within the organization
  • Support sales team with customer meetings regarding questions on Information Security and Privacy
  • Assist with managing penetration testing, code reviews, internal scanning and remediation (desired)

Skills

Key technologies and capabilities for this role

PCI-DSS, SOC2, HIPAA, ISO27001, FedRAMP, Cloud Security, Compliance, DevSecOps, Risk Mitigation, Internal Controls, Security Reviews

Questions & Answers

Common questions about this position

What compliance frameworks does this role require experience with?

The candidate must have experience with 2 of the following: PCI-DSS, SOC2, HIPAA, ISO27001, and FedRAMP.

Is this role remote or does it require a specific location?

The role needs to be located primarily in the US.

What key soft skills are needed for this position?

The role requires being detail-oriented and highly organized, with strong communication skills, a positive attitude under pressure, and the ability to take ownership of cross-functional projects.

What kind of collaboration is involved in this role?

This role will collaborate with the DevSecOps Automation and Security Operations Team as well as all lines of business at Sumo Logic to build relationships and trust across the organization.

What makes a strong candidate for this Security Compliance Analyst role?

Ideal candidates have experience supporting security compliance programs in a SaaS environment, along with experience in at least two key frameworks like PCI-DSS, SOC2, HIPAA, ISO27001, or FedRAMP.

Sumo Logic

Cloud-based data analytics and security platform

About Sumo Logic

Sumo Logic provides data analytics and security tools that help businesses collect, analyze, and visualize large datasets. Their cloud-based platform allows medium to large enterprises in various industries to manage their data efficiently and securely from anywhere. Unlike many competitors, Sumo Logic operates on a subscription model, offering scalable solutions that enable clients to budget their expenses predictably. The company's goal is to empower businesses to make informed decisions and enhance their operational efficiency and security.

Headquarters: Redwood City, California
Year Founded: 2010
Total Funding: $330.8M
Company Stage: IPO
Industries: Data & Analytics, Enterprise Software, Cybersecurity
Employees: 501-1,000

Benefits

Competitive base salary + bonus + RSUs
Unlimited PTO + 12 company holidays + 4 quarterly wellness days
100% remote or in office
Employee stock purchase plan (ESPP)
Medical, Dental, Vision
Paid Parental leave

Risks

Increased competition from companies like Magna5 could threaten market share.
Free data ingest model may lead to revenue challenges if not enough paying customers.
Rapid global data growth could overwhelm infrastructure, affecting service reliability.

Differentiation

Sumo Logic offers a cloud-native platform for real-time machine data analytics.
The company provides a unique Flex Licensing model for unlimited log data ingest.
Sumo Logic's Cloud SIEM solution automates threat detection and provides contextualized threat insights.

Upsides

Expansion into South Korea opens new customer bases in the Asian market.
Recognition as a Challenger in Gartner's Magic Quadrant enhances credibility and attracts clients.
Flex Licensing model removes cost barriers, potentially increasing customer acquisition.
