Description:

As an Analyst on the Information Security Trust team, you will support the implementation of a continuously evolving governance, risk, and compliance program (GRC) supporting our enterprise and products. In this role, you will help establish a strong program for security by setting security policy and standards in alignment with applicable industry frameworks, ensure that groups across the company are aware of and adhere to security requirements, assess risk posture of systems and environments, work with teams throughout the organization to ensure control requirements are implemented in accordance with security policies and standards, oversee control assessments from external assessors, and continuous monitor programs to ensure controls are healthy and any gaps are addressed.

Basic qualifications:

• B.S./B.A. or greater in related field of study and / or relevant certifications (e.g. CISSP, CISA, CISM)

• 2-3 years of experience in security compliance / governance, risk management, information assurance, or other related field

To be successful in this role, you need: 

• To be ambitious, detail oriented, and to work to impact, not completion

• Excellent problem solving skills and the ability to dissent constructively and find resolution while showing respect towards others

• Ability to make sound, situationally aware decisions

• Ability to communicate effectively verbal and written communication skills, and ability to effectively provide security subject matter expertise across all levels of Appian information security concepts and requirements to personnel of varying technical backgrounds and positions 

• Ability to track work accurately and handle multiple work streams simultaneously, while meeting aggressive deadlines and delivering impactful products

• Ability to execute on established roadmaps

• Ability to work as a team to accomplish shared goals

• A passion for security and technology

• Understanding of security frameworks (e.g. ISO 27001, SOC 2, FedRAMP, PCI DSS, etc.)

• Understanding of relevant technologies such as: cloud-based SaaS / PaaS software delivery models and underlying IaaS (e.g. AWS, Azure, GCP), modern cloud native technologies (e.g. Kubernetes, Docker, serverless), operating systems (e.g. Windows, UNIX, Linux), cryptography

• Ability to evaluate environments, architectures, plans against compliance requirements to identify gaps, and to work collaboratively with teams responsible for implementing controls to provide guidance and oversight on how best to meet compliance requirements

• Ability to work independently