Trantor is a Menlo Park-based IT Services organization with more than 800 employees globally. Our specialty lies in building dedicated Centers of Excellence to optimize Product development, Technology operations, and Marketing operations for our customers like Google, McKesson, Thomson Reuters, VMware, Lending Point (and 40 more). Our CoEs span AWS Cloud Operations, AI/ML as a Service, Robotic Process Automation, FinTech, MarTech, and Product Co-Development services. We are a team of passionate technologists who are solution-oriented, customer-centric team players with respect for all our people and ownership to help solve our customer's problems.
At Trantor we are on a mission – Optimize our customer's cloud journey and infrastructure based on 3 primary levers – Security, Cost, and Compliance. Our groundbreaking technology, service delivery, and intelligence gathering with our innovations in machine learning and AI-based solutions help customers. We have earned numerous honors and top rankings for our technology, organization, and people – clearly confirming our industry leadership and our special culture driving it. We also offer flexible work arrangements to help our people manage their personal and professional lives in a way that works for them. So, if you’re ready to work on unrivaled technology where your desire to be part of a collaborative team is met with a laser-focused mission to stop breaches and protect people globally, let’s talk.
Please visit https://trantorinc.com for more details.
About The Role
The Information Security Governance & Risk function assists and supports the core functions within the Information Security Governance and Risk Team. Core functions include Access Reviews, Risk Management, Vendor Risk, Security Audit, and Security Education.
1. 5-8 years of experience in managing security audits, such as ISO 27001, HITRUST, and SOC 2, including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors.
2. In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, or HITRUST audits, reviewing control evidence for completeness and accuracy, and ensuring evidence provided to auditors satisfies control requirements.
3. Ability to plan and lead meetings with control owners and external auditors.
4. Ability to clearly define control requirements to control owners or explain control evidence to external auditors.
5. 5-7 years of experience planning and performing vendor security risk reviews including creation of templates and reporting for reviewing different types and categories of vendors such as cloud, vendors hosting sensitive data, and vendors with access to sensitive data.
6. Extensive experience reviewing ISO, SOC 2, HITRUST, Pen Test, and other forms of security assessment reports.
7. Ability to perform effective interviews of business owners and vendors, assess risk, and document in a report a summary of the vendor services provided, findings, and risks presented by the solution.
8. Manages and tracks the delivery of Security Training and Awareness campaigns.
9. Assists in the development of content for Security Awareness campaigns.
10. Actively contributes to the Security knowledgebase to enable internal knowledge sharing and facilitates efficient audits and questionnaire responses.
11. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function.
12. Manages and performs quarterly access reviews ensuring completeness and accuracy of results and consistent evidence collection.
13. Assists the vendor risk management function in the review, evaluation, and reporting related to vendors to ensure security requirements for proposed solutions, technologies, services, and capabilities are carefully considered.
14. Supports the Risk Management function by reviewing and documenting Security exceptions and recommending appropriate actions.
15. Assists in testing and verification of all offshore controls and formulating reports documenting findings.
16. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures.
17. Knowledge of NIST 800-53, NIST CSF, HITRUST, HIPAA, ISO 2700x, and other leading industry security standards and frameworks.
18. Knowledgeable in security concepts, techniques, tools, methods, and practices.
19. Strong risk analysis, customer service, problem solving, and consulting skills.
Industry Certifications
1. Certified Information Security Auditor (CISA)
2. Certified Information Systems Security Professional (CISSP)
3. Certified in Risk and Information Security Controls (CRISC)