Information Security Risk Analyst II
SentinelOne is defining the future of cybersecurity through our XDR platform that automatically prevents, detects, and responds to threats in real-time. Singularity XDR ingests data and leverages our patented AI models to deliver autonomous protection. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle.
We are a values-driven team where names are known, results are rewarded, and friendships are formed. Trust, accountability, relentlessness, ingenuity, and OneSentinel define the pillars of our collaborative and unified global culture. We're looking for people who will drive team success and collaboration across SentinelOne. If you’re enthusiastic about innovative approaches to problem-solving, we would love to speak with you about joining our team!
What Are We Looking For?
We are looking for a highly motivated, collaborative, and experienced Information Security Risk Analyst with a “security throughout” mindset who can balance risk, business drivers, and timelines. Reporting to the Sr. Manager of Governance, Risk & Compliance, this position will be responsible for understanding and supporting the design of SentinelOne's organizational, procedural, and technological security controls within the context of security frameworks applicable to SentinelOne.
What Will You Do?
- Evaluate relevant global standards, compliance frameworks, and regulations to analyze existing controls, identify areas for improvement, and design control growth.
- Participate in information security pre-sales and post-sales support cycles.
- Maintain an up-to-date pre-sales packet: a knowledge base of all security-related questions and responses.
- Work with the Legal team to review and respond to information security requirements in customer MSAs / contracts / SOWs.
- Review and respond to customer security questionnaires, RFPs / RFIs, and external security inquiries.
- Participate in internal security and compliance programs and track recurring controls, such as IRAP, SSAE 18 SOC 2, ISO 27001/27002, CSA STAR, PCI DSS.
- Configure, update, and manage the GRC platform.
- Provide assistance during internal and external audits and evidence collection.
- Participate in defining, collecting, and tracking various security metrics.
What Skills and Knowledge Should You Bring?
- 3+ years of experience working in information security or compliance.
- Working experience with ISO 27001, SSAE 16/18 SOC 2, CSA STAR, PCI DSS, and other applicable regulatory compliance frameworks.
- Experience working with security controls across at least some of the following domains: Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness and Training, BC/DRP, etc.
- Ability to communicate effectively - in writing and verbally - to target audiences, including customers, partners, auditors, executive management, vendors, and peers.
- Experience working with both technical and non-technical teams.
- Ability and desire to understand the intent of requirements, and provide effective recommendations.
- Ability to prioritize in a highly dynamic work environment.
- Bachelor’s degree in computer science, information technology or information security.
- Relevant certifications (e.g., ISO 27001 LA/LI, CISA, CISM, CISSP, CEH, CCSK).
- Ability to assess and pragmatically define scope and relevant controls.
SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
SentinelOne participates in the E-Verify Program for all U.S. based roles.