Business Analyst, Security & Compliance
Role Overview
We are seeking an experienced Business Analyst, Security and Compliance, to enhance Proofpoint's security compliance programs.
Key Responsibilities
* Lead Compliance Initiatives – Drive and oversee successful certification against, and continuous compliance with, ISO 27001 and SOC 2 Type II.
* Manage Internal & External Audits – Coordinate and execute internal readiness assessments and manage third-party audits.
* Develop Policies & Controls – Establish, refine, and enforce security governance policies, controls, and processes that support regulatory compliance and risk mitigation.
* Risk Management & Remediation – Identify compliance risks, conduct gap analyses, and collaborate with cross-functional teams to implement remediation plans.
* Stakeholder Collaboration – Act as the primary compliance liaison between engineering, security, legal, product management, and external auditors.
* Continuous Improvement – Monitor evolving security regulations, industry standards, and best practices, proactively adapting policies and controls to maintain compliance and improve security posture.
* Training & Awareness – Develop and deliver security governance training to relevant stakeholders.
Requirements
* Proven experience (4+ years) in governance, risk, and compliance (GRC), preferably within a SaaS or cloud security environment.
* Deep knowledge of ISO 27001, SOC 2 Type II, NIST, GDPR, and other security standards and frameworks.
* Demonstrated success in managing security audits from planning to certification.
* Experience implementing security policies, controls, and risk management frameworks in a complex enterprise environment.
* Strong project management skills with the ability to drive cross-functional initiatives.
* Excellent communication skills, with the ability to translate security and compliance requirements into actionable business processes.
* Certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Auditor/Implementer are highly desirable.
About Us
Protecting people is at the heart of our award-winning lineup of cybersecurity solutions, and the people who work here are the key to our success.
We're a customer-focused and driven-to-win organization with leading-edge products. We are an inclusive, diverse, multinational company that believes in culture fit, but more importantly 'culture-add', and we strongly encourage people from all walks of life to apply.