Listing Description

Position Overview:

The Security Governance, Risk and Compliance team is a knowledgeable and engaging security team focused on audit and compliance of Diligent products, personnel, sites, and assets. We work closely together and cross-functionally with the greater Security Department and other technical and non-technical departments within the company. Our goal is to maintain a strong security program through the confidentiality and integrity of customer, employee, and business information in compliance with organization, industry, and regional policies and standards. 

In the Security Analyst II role, you are provided the resources and freedom you need to learn, grow, and try new things; the sky is your limit. You will help with ensuring trust and understanding of Diligent’s security compliance through planning  and completion of various audit and compliance efforts. Reporting to the Director, the position is responsible for supporting Diligent’s internal and external audit involvement throughout both Diligent Private and Public Clouds.

Key Responsibilities:

• Be a security and compliance Subject Mater Expert on Diligent’s security program and technical security details of Diligent’s product portfolio.


• Communicate with external auditors to comprehend requirements and become main point of contact between auditors and Diligent.


• Communicate with internal department Subject Mater Experts to collect sufficient audit evidence to provide to auditors.


• Monitor ongoing compliance initiatives such as annual documentation review, access reviews, and corrective actions.


• Support team members during various audit assessments.


• Support commercial teams by responding to existing customer and new prospect inquires related to security governance and compliance.


• Ensure relevant compliance information is readily available for internal and external use.


• Stay up-to-date on changes to regulations and standards related to compliance and security in order to dictate best practices for security controls to ensure compliance and lead improvements.

Required Experience/Skills:

• Working experience in an audit and compliance environment for public and/or private cloud


• Working experience with regulatory compliance standards and information security management frameworks
   - SOC, ISO 27001, ISO 27017, ISO 27018, NIST Cybersecurity Framework, HIPAA, FedRAMP 


• General understanding of private and public cloud compliance requirements


• Experience in developing and maintaining system security plans (SSPs) and other compliance documentation.


• Basic project management skills, including experience with ticketing systems.


• Excellent problem-solving and analytical skills.


• Strong verbal and written communication skills.


• Ability to work collaboratively in a team environment.

Preferred Experience/Skills

• Security certifications e.g. CISA, CISSP, Security+, etc.


• Bachelor's degree in Computer Science, Information Security, or related sciences preferred.


• 3+ years of Cybersecurity and/or Information Technology experience or the equivalent combination of education, technical training, or work experience.


• Strong decision-making capabilities, with an ability to weigh the relative costs and benefits to choose an appropriate response or action.