Description:

You will have the opportunity to be on the cutting edge of Cloud Security and Compliance at Sumo Logic.
The Senior Security and Compliance Analyst will support existing compliance initiatives and continued audits for a fast-growing, highly technical Cloud Based SaaS Company.
This role is critical to Sumo Logic and will collaborate with the DevSecOps Automation and Security Operations Team as well as all lines of business to build relationships and trust across the organization.
The role will represent the Sumo Logic Security Compliance vision to a rapidly expanding global enterprise customer base in the new frontier of cloud computing.
The ideal candidate will have supported compliance programs in a SaaS environment and must be detail-oriented and highly organized.
Taking ownership of cross-functional projects and completing them on time and on budget is crucial for personal and Sumo Logic’s growth.
The candidate should have at least 7 years of experience supporting security compliance programs and at least 5 years in a SaaS environment.
Experience with 3 of the following 6 compliance frameworks is required: PCI-DSS, SOC2, HIPAA, ISO27001, and FedRAMP.
Communication skills are critical to success in this role, which requires a positive attitude under intense pressure.

Requirements:

The role needs to be located primarily in the US.
The candidate must support the analysis, classification, and response to cybersecurity risks within the organization.
Support for the sales team with customer meetings regarding questions on Information Security and Privacy is required.
Strong skills in Communication, Security and Privacy, and the Compliance of security controls are essential.
The ability to work and communicate across various teams and at various levels of the business is essential to this role.
Knowledge of compliance frameworks such as PCI DSS, ISO 27001, SOC 2, IRAP, and NIST 800-53 / FedRAMP is necessary.
A B.S. in Computer Science / Computer Security or a related discipline is desirable.
Cybersecurity Licenses and/or Certifications (e.g., CRISC, CISM, CISSP) are preferred.
Experience working with Sales Teams and in public cloud environments is a plus.
Incident response experience or training is beneficial.
The candidate should assist with managing penetration testing, code reviews, internal scanning, and remediation of findings.
Performing internal audits of key controls and communicating results to the executive team is also part of the role.

The expected annual base salary range for this position is $127,000 - $172,000.
Compensation varies based on factors such as role level, skills, competencies, qualifications, knowledge, location, and experience.
Certain roles are eligible to participate in bonus or commission plans, as well as benefits offerings and equity awards.
Employees are responsible for complying with applicable federal privacy laws and regulations, as well as organizational policies related to data protection.