IT Security Analyst - SOX Compliance
Job Title: IT Security Analyst
Position Type: Full-time
Position Level: Mid - Senior
Location: Denver, CO
Travel Requirements: <10%
Named among the best workplaces in the U.S. by Great Place to Work five times, honored on FORTUNE Magazine’s inaugural list of the 100 Best Workplaces for Millennials, and chosen as the “Market Leader in Incentive Compensation” by CRM magazine, Xactly is proud to be disrupting the incentive compensation market space. We’re building a culture of success and are looking for motivated professionals to join us!
As an IT Security Analyst in Xactly's Denver office, you will be responsible for working with internal staff and Information Security to establish and enforce information security best practices, protect internal systems, and improve processes and information security controls. We are seeking someone who wants to make a real impact at a rapidly growing software company, who is excited to tackle new challenges and opportunities, and who is an articulate team player, passionate about information security and excited to spread the Xactly love.
Not only do we offer strong growth opportunities for top performers, but we also have a top-notch culture, benefits (check them out below) and more. Our strong C.A.R.E. values - Customer Focus, Accountability, Respect & Excellence - guide our every move, allowing us to be a leader in the incentive compensation & performance management market. We set the example with excellent customer experience and deliver an award-winning SaaS (Software-as-a-Service) product!
- Security Infrastructure - Support components of the security infrastructure.
- Security Awareness - Update security awareness training, communications, and resources.
- Security Consultation - Resolve internal questions related to security issues, vendors, solutions, or applications.
- Security Assessment - Review a specific vendor or solution and define security requirements to gain security approval to use at Xactly.
- Security Testing - Perform penetration tests, threat analysis, and environment analysis.
- Security Compliance - Assist with compliance activities for SOX or other audits. This includes activities such as quarterly access reviews.
- Security Policies - Create or update security policies, procedures, standards, and guidelines as necessary.
- Incident Response - Provide tier 2 analytical support to the monitoring team, respond to security incidents, draft incident reports, and note lessons learned.
- 4+ years in Information Security and minimum 5 years working in Information Technology
- Experience supporting SOX compliance initiatives IS A MUST
- Experience working in a SaaS company
- Analytical and problem-solving skills, with an ability to assimilate, analyze and correlate large amounts of forensic data from various network, operating system, application, and security devices, logs, and alerts
- Understanding of and experience with networking concepts and services such as VPNs, firewalls, 802.1x, etc.
- Identify security product/process gaps and implement enhancements/resolutions
- Review and/or approve changes to critical business systems and applications in line with customer, regulatory, and industry standards and requirements
- Perform security reviews of vendors to ensure compliance with policies and customer requirements
- Provide evidence for audits (SSAE16, SSAE18, SOC 2 Type 2, SOX)
- GRC (governance, risk, compliance) and various security standards and regulatory frameworks (SOC1 and SOC2, GDPR, Privacy Shield, CSA)
- Experience securing data stored in third-party cloud apps (e.g., Box, Google)
- Experience with incident response, disaster recovery, and business continuity planning
- Experience auditing backend infrastructure including switches, routers, firewalls, proxy servers, and enterprise systems and storage solutions
- Experience with intrusion detection and prevention (network and host-based) tools, security event and information management tools, and network and system forensics tools
- Experience in deployment and management of applied IT security technologies and tools such as two-factor authentication, data loss prevention (DLP) technologies, network access control, centralized endpoint protection, and content filtering
- Bachelor’s degree in Computer Science, Management Information Systems or a related field or the equivalent in applicable technical and/or help desk training
- Security and/or technical certification a plus
- Tools such as CASB, SIEM, firewall, JIRA, identity vault, etc.
Benefits and Perks
- Flexible Time Off (FTO)
- Comprehensive Insurance Coverage (including pet insurance!)
- Tuition Reimbursement
- XactlyFit Gym/Fitness Program Reimbursement
- Kitchen Stocked Daily with Tasty Snacks, Fruit, and Drinks
- Access to Corporate Discounts
- Free Parking & Commuter Benefits
- Up to Three (3) Days Paid Leave to Participate in Community & Volunteer Opportunities
- End of Month Surprises, Contests, BBQs, Parties & Reward Vacations
- 401(k) Retirement Savings Plan & Employer Match
About Xactly Corporation
Xactly is a leading provider of enterprise-class, cloud-based, incentive compensation solutions for employee and sales performance management. We address a critical business need: To incentivize employees and align their behaviors with company goals. Our products allow organizations to make more strategic decisions, increase employee performance, improve margins, and mitigate risk. Our core values are key to our success, and each day we’re committed to upholding them by delivering the best we can to our customers.
Xactly is proud to be an Equal Opportunity Employer. Xactly provides equal employment opportunities to all employees and applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, pregnancy, sexual orientation, or any other characteristic protected by law.
We do not accept resumes from agencies, headhunters, or other suppliers who have not signed a formal agreement with us.