Senior Cyber Security Risk and Compliance Analyst

Here's an overview of the Security & Compliance Analyst role at Epsilon in Hyderabad, Telangana, India:

Company Description

Epsilon is a leader in outcome-based marketing, focused on delivering measurable business outcomes that are built on proof. Through Epsilon PeopleCloud, their marketing platform, they enable personalized consumer journeys with performance transparency. Powered by CORE ID, their highly accurate and stable identity management platform representing over 200 million people, Epsilon's award-winning data and technology are rooted in privacy-by-design and underpinned by powerful AI. With over 50 years of experience in personalization and performance, working with the world's top brands, agencies, and publishers, Epsilon is a trusted partner leading CRM, digital media, loyalty, and email programs. Positioned at the core of Publicis Groupe, Epsilon is a global company with over 8,000 employees in over 40 offices worldwide.

Overview

Epsilon is seeking a Security & Compliance Analyst who will be responsible for managing the organization's SOC 1, 2, and 3 audits preparatory processes and overseeing related activities. This includes managing extensive testing related to the company's internal and IT controls. The role acts as a Trusted Security Advisor, identifying environmental gaps, recommending solutions, and evaluating their effectiveness.

You will facilitate external audits for various compliance requirements such as HIPAA, PCI, ISO 27001, and manage the submission of risk acceptance requests, including review, analysis, scoring, and development of mitigating controls. Performing security risk evaluations, including identifying key controls and drafting audit programs, is also a key responsibility. The role demands input for improving operational efficiency and enhancing internal control design and effectiveness.

You'll oversee all SOC audit activities, ensuring work and deliverables align with agreed timeframes and departmental procedures. This involves cross-functional partnerships to understand end-to-end processes and effectively communicate audit status. The role also includes providing technical expertise and training, ensuring timely communication of audit results to stakeholders and senior management, participating in business unit meetings, and collaborating with senior management to understand business risks. Regular communication with regulators, external auditors, and risk management committees is essential for continuous monitoring and audit plan management.

Responsibilities

• Manage the organization's SOC 1, 2, and 3 audits preparatory processes and oversee related activities, including managing internal and IT control testing.
• Act as a Trusted Security Advisor, identifying environmental gaps, providing recommended solutions, and evaluating their adequacy.
• Facilitate external audits, including SOC 1, 2, 3, and compliance requirements such as HIPAA, PCI, ISO 27001, etc.
• Manage the submission of risk acceptance requests, including review, analysis, scoring, development of mitigating controls, and renewal review.
• Perform security risk evaluations, including identifying key controls, drafting audit programs, and executing the evaluation.
• Provide input to improve operational efficiency and/or enhance the design or operating effectiveness of the internal control environment.
• Oversee all audit activities relating to SOC 1, 2, and 3 audits, ensuring work and deliverables align with agreed timeframes and departmental procedures.
• Partner cross-functionally, inter-departmentally, and with external auditors to understand processes end-to-end and communicate status effectively.
• Provide technical expertise to direct reports, department, and internal partners, including assessing training needs and providing training.
• Ensure frequent communication of test and/or audit results and analysis to appropriate stakeholders and senior management.
• Participate in meetings with business units to discuss test/audit scoping, progress, and results.
• Interact and partner with senior management to understand business risks, changes, and significant events impacting the business and/or audit plan.
• Communicate with regulators, external auditors, and various risk management committees as part of ongoing continuous monitoring to manage the audit plan.

Qualifications

• Overall experience of 5-10 years, with a minimum of 2-3 years directly handling SOC audits.
• Strong understanding of compliance frameworks such as PCI, ISO 27001, AICPA Trust Services Criteria, HIPAA, etc.
• Experience with an audit firm/Big 4 is preferred.
• Ability to coordinate with other departments regarding various external audits and other security-related matters.
• Ability to review, assess, and evaluate security risk.
• Strong project management skills, including aligning to audit timelines and developing milestones.
• Strong leadership, analytical, and organizational skills.
• Excellent communication skills (both verbal and written).