Principal Information Security Analyst – Compliance
The Principal Information Security Analyst - Compliance is a member of Care.com's information security team and a key contributor to Care.com's Governance, Risk and Compliance functions. This position works closely with the information security, information technology and legal teams to ensure that the Care.com security program meets its contractual, regulatory and legal requirements. As a member of the information security team, this role shares the team's core responsibilities for implementing and maintaining the processes, procedures and systems that improve Care.com security.
External Audit and Compliance
- Participate in annual PCI-DSS audits, coordinating with business functions to produce evidence
- Participate in annual SOX audits, coordinating with business functions to produce evidence
- Participate in annual SOC 2 audits, coordinating with business functions to produce evidence
Internal Audit and Compliance
- Participate in GDPR compliance oversight processes
- Ensure processes and procedures adhere to Care.com procedures and requirements
- Build automated, documented audit procedures to verify compliance
- Engage with business owners to educate and clarify compliance requirements
- Conduct risk-based evaluation of policy exception requests
Additional Roles and Responsibilities
- As a member of the Care.com information security team:
- Maintain a comprehensive understanding of Care.com information systems
- Work closely with the information technology team to implement and enforce Care.com policy
- Champion information security policy across the organization
- Act as member of the information security policy review committee
- Act as member of the Incident Response Team, assisting with response to and reporting of incidents
- Conduct routine log review of information security events and assist in investigation of security events
- Actively monitor for and triage information related to vulnerabilities in Care.com systems
- Respond to litigation hold and eDiscovery requests
- Participate in and assist with audits of Care.com's information security program (PCI-DSS, SOX, GDPR, GLBA, SOC2)
- Coordinate external assessments of Care.com information security (risk assessment, penetration test, incident response tabletop)
Requirements
- 7-10+ years of experience in an information security field.
- BS degree in Computer Science, Cyber Security, Information Technology (or related discipline); Graduate degree in Information Assurance (or related discipline) or formal training and experience in Information Security.
- Strong knowledge of endpoint and server operating systems (e.g. Windows, macOS, Linux) and relevant security risks and controls.
- Strong knowledge of network security fundamentals.
- Familiarity with enterprise security tools (antivirus, firewalls, email monitoring, two-factor authentication, IDS/IPS, etc.)
- Working knowledge of and experience with compliance/remediation efforts of relevant domestic and international security standards and best practices such as PCI-DSS, ISO 27001/2, SOX, SOC2/SSAE16, NIST, GDPR, GLBA and HIPAA.
- CISSP or CISA certifications preferred.
- Familiarity with cloud computing environments and applications preferred.
- Ability to quickly change priorities and handle simultaneous tasks.
- Excellent oral and written communication skills.
Since launching in 2007, Care.com (NYSE: CRCM) has been committed to solving the complex care challenges that impact families, caregivers, employers, and care service companies. Today, Care.com is the world's largest online destination for finding and managing family care, with 17.7 million families and 13.1 million caregivers* across more than 20 countries, including the U.S., UK, Canada and parts of Western Europe, and approximately 1.5 million employees of corporate clients having access to our services. Spanning child care to senior care, pet care, housekeeping and more, Care.com provides a sweeping array of services for families and caregivers to find, manage and pay for care or find employment. These include: a comprehensive suite of safety tools and resources members may use to help make more informed hiring decisions - such as third-party background check services, monitored messaging, and tips on hiring best practices; easy ways for caregivers to be paid online or via mobile app; and Care.com Benefits, including the household payroll and tax services provided by Care.com HomePay and the Care Benefit Bucks program, a peer-to-peer pooled, portable benefits platform funded by household employer contributions which provides caregivers access to professional benefits. For enterprise clients, Care.com builds customized benefits packages covering child care, back up care and senior care consulting services through its Care@Work business, and serves care businesses with marketing and recruiting support. Headquartered in Waltham, Massachusetts, Care.com has offices in Berlin, Austin and the San Francisco Bay area.
*As of September 2018
Care.com supports diverse families and communities and seeks employees who are just as diverse. As an equal opportunity employer, Care.com recognizes the power of a diverse workforce and encourages applications from individuals with varied experiences, perspectives, and backgrounds.