Compliance Specialist

Description:

Full Job Description

#WeAreCrowdStrike and our mission is to stop breaches. As a global leader in cybersecurity, our team changed the game. Since our inception, our market leading cloud-native platform has offered unparalleled protection against the most sophisticated cyberattacks. We’re looking for people with limitless passion, a relentless focus on innovation and a fanatical commitment to the customer to join us in shaping the future of cybersecurity. Consistently recognized as a top workplace, CrowdStrike is committed to cultivating an inclusive, remote-first culture that offers people the autonomy and flexibility to balance the needs of work and life while taking their career to the next level. Interested in working for a company that sets the standard and leads with integrity? Join us on a mission that matters - one team, one fight.

About the Role

The Governance, Risk, and Compliance Specialist is charged with assisting in the identification, assessment, measurement, monitoring, and reporting of risk through CrowdStrike’s Governance, Risk, and Compliance (GRC) program. The GRC Specialist’s primary function will involve supporting auditing and compliance functions in relation to CrowdStrike supply chain risk including vendors and partners with a focus on Software Security.

The ideal candidate will be up to the challenge of understanding current processes and being continuously on the lookout for innovative and flexible ways to automate processes that support a fast-paced, secure, and empowered environment.

This role covers audit and compliance processes in the context of security, privacy, and other enterprise-wide operational areas related to supply chain risk and will include tasks such as:

• conducting third party controls evaluation to determine risk;

• evaluating Open Source and Commercial Off the Shelf software;

• working with various internal teams to define and prioritize remediation efforts, tracking and reporting on remediation activities;

• inspecting and validating solutions that have been implemented;

• performing other duties within the scope of governance, risk, and compliance as needed.

What You’ll Need

• practical experience with policy and regulatory mandates such as COBIT, SOC1/SOC2, CSA-CCM, ISO27001/27002/27031, GDPR, CCPA, PCI-DSS and NIST Risk Management Framework and associated standards such as sp800-34, sp800-53, sp800-161, FedRAMP, CMMC, etc.;

• experience in typical office applications including Microsoft Word, Excel, etc.;

• Fundamental technical understanding of key technologies such as Windows, Linux, and Apple operating systems, networks, application development, databases, virtualization, and cloud infrastructures; and

• 3-5 years relevant experience, or a BA or BS / MA or MS degree in Computer Science/Engineering, Math, Information Security, Information Systems, Information Assurance, Information Security Management, Intelligence Studies, Data Science, or Cybersecurity.