Sr. GRC Security Compliance Analyst

Position Overview: 

Alteryx is searching for a Senior Analyst, Information Security Governance that will drive the development, collaboration, editing, review, approval and publication of process and policy documentation in support of our core security initiatives and services. Primary focus will be on the development of process documentation and cyber security related policies/standards/directives. Responsible for independently authoring information security policies, standards and procedures following established document formats/templates. Broadly socialize draft policies, standards, and procedures documents to solicit feedback from key internal and external stakeholders, driving updates and maintaining version control. Establish and adhere to quality control standards for creating and internally publishing information security policies, standards, and procedures for the company. Communicate with internal and external stakeholders about information security policies, standards, and procedures. 

Required Skills & Job Responsibilities: 

• A minimum of one (3) + years’ experience in one or more of the various information security related disciplines (e.g., policy, governance, risk management, compliance, records management). 

• Serves as an information security liaison to cross-departmental stakeholders in connection with business activities, establishing solutions that integrate security requirements with business priorities. 

• Under general supervision, writes a wide variety of documents including formal policies and procedures, process flow maps, how-to guides, job-aides and reference manuals, cheat sheets, and instructions in a clear, accurate, and succinct manner. 

• Reviews current policy and procedure documents for thoroughness. Drafts and submits improvement recommendations to appropriate approver and/or subject matter expert(s) for review. Edits and submits final documents using appropriate systems and processes. 

• Conducts security related risk assessments (e.g., Policy/Procedure Review, Operational Review, Vendor Review, Contract Review, InfoSec Audit) to understand the risk landscape and to target mitigation steps. 

• Communicates with information security leadership and business stakeholders on issues raised during all reviews. Assists with development of action plans for issues/gaps identified during reviews and works with stakeholders to determine appropriate monitoring and testing routines. 

• Monitors developments to maintain knowledge of current information security issues, ensuring ongoing compliance with requirements from laws, regulations, and global standards. 

• Performs other duties and projects as assigned. 

• Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action. 

• Follows policies and procedures; completes tasks correctly and on time; supports the company’s goals and values. 

• Demonstrates knowledge of, adherence to, monitoring and responsibility for compliance with federal, state, and other laws as they pertain to this position. 

• Knowledge of GDPR, CCPA, and familiarity with PDPA and APPI privacy regulations. 

• Demonstrates basic understanding of data protection laws and regulations, fair information practices, core data protection principles, and information security related frameworks. 

Valued Skills: 

• Bachelor’s degree in an IT or business field preferred, particularly with an emphasis on cybersecurity. 

• Possible certifications preferences include: U.S. Certified Information Privacy Professional (CIPP/US), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC)