The Basics

The Senior Cloud Compliance Analyst is the focal point for Tanium’s compliance program(s) and has responsibility for internal and external parties, driving high-level processes related to continuous improvement of requirements for ISO 27001, SOC2, plus other frameworks and managing/leading the initiative to support the ongoing compliance requirements and maintenance for Tanium. Acts as a subject matter expert (SME) to ensure that the program’s stakeholders and control owners understand expectations, commitments and dates for recertification timelines. 

The ideal candidate demonstrates in-depth knowledge and experience in GRC, compliance frameworks, cloud security controls implementation, compliance auditing, accreditation/certification and the creation of risk management frameworks involved to define needs and goals and guide continual improvement approaches. The Senior Cloud Compliance Analyst should demonstrate command of or acute familiarity with the CSAs Cloud Controls Matrix, with NIST 800-53 / 800-171, with the ISO 27000 series and SOC2, plus other requirements. The Senior Cloud Compliance Analyst is accountable for ensuring that business operations are effectively and consistently in compliance with Tanium’s information and cloud security practices. 

This is a hybrid position, which will require attendance several days each week in Durham, NC, Emeryville, CA, Addison, TX, Bellevue, WA, or Reston, VA.

 

What you'll do

  • Security Audit Management:  
    • Manage the relationships and execution of operational processes related to internal and external audit
    • Act as a key initiative driver and SME in in Tanium’s pursuit of industry certifications
    • Assess and review new vendors for optimal controls implementation and compliance
    • Works with stakeholders and control owners on the collection and uploading of evidence to meet auditor requirements and timelines.
    • Ensures day-to-day compliance with relevant laws, regulations, and internal policies.
    • Conducts compliance audits and risk assessment.
    • Ensures adherence to the implemented controls
    • Monitors and reports on compliance status and issues
    • Collaborating with IT and security teams to address compliance gaps and works on corrective actions 
  • Information Risk Reporting:  
    • Play the lead role in ongoing reporting requirements
    • Works as a partner between the stakeholders, control owners and the auditors
    • Communicates the program’s expectations, commitments, timelines and the results of findings
    • Make recommendations for improvement through concise, high-quality reports 
  • Security Assurance Program Development and Management:  
    • Develops and manages the program plan for stakeholder and control owner visibility into tasks, issues/risk and timelines
    • Communicates on a weekly basis through status reporting for stakeholders and control owners
    • Integrates the tracking compliance frameworks with the requirements of emerging Customer-Facing Cloud Infrastructure Frameworks at Tanium
    • Writes and revises Tanium’s System Security Plans (SSP), Plan of Actions & Milestones (POA&Ms), policies, standards, procedures, guidelines and other documentation based on Tanium’s business needs 

We’re looking for someone with

  • Education
    • Bachelor's Degree in Computer Science, Engineering, IT, InfoSec or other relevant degree or equivalent work experience 
  • Experience  
    • Extensive experience in cloud security and compliance (usually 5+ years for senior roles)
    • 5-7 years business/technical/information security/risk compliance experience
    • Experience in information security risk analysis, auditing, compliance, policies, and overall governance and communication
    • Strong understanding of cloud platforms and  of hybrid IT systems, networking, and cloud environments (AWS, Azure, Google, etc.)
    • Demonstrated success implementing Information Security control frameworks and standards such as ITIL, CIS Top 20, SOC 2, GDPR, NIST CSF / 800-53, FISMA, and FedRAMP
    • Strong knowledge of audit and risk management methodologies, such as COBIT, NIST 800-37/800-30, FAIR
    • Experience with GRC, IAM, and risk management tools and solution
    • Experience with information security tools and solutions.
    • Has delivered an ISO 27001, SOC2 or other frameworks (required) 
    • Has worked in a global environment on GRC/Regulatory tasks
  • Certifications  
    • CISA, CRISC, GIAC, CISM, or CISSP certifications (preferred) 

About Tanium 

Tanium delivers the industry's only true real-time cloud-based endpoint management and security offering. Its platform is real-time, seamless, and autonomous, allowing security-conscious organizations to break down silos between IT and Security operations that results in reduced complexity, cost, and risk. Securing more than 32M endpoints around the world, Tanium's customers include Fortune 100 organizations, top US retailers, top US commercial banks, and branches of the U.S. Military. It also partners with the world's biggest technology companies, system integrators, and managed service providers to help customers realize the full potential of their IT investments. Tanium has been named to the Forbes Cloud 100 list for nine consecutive years and ranks on the Fortune 100 Best Companies to Work For. For more information on The Power of Certainty™, visit www.tanium.com and follow us on LinkedIn and X. 

On a mission. Together. 

At Tanium, we are stewards of a culture that emphasizes the importance of collaboration, respect, and diversity. In our pursuit of revolutionizing the way some of the largest enterprises and governments in the world solve their most difficult IT challenges, we are strengthened by our unique perspectives and by our collective actions.   

We are an organization with stakeholders around the world and it’s imperative that the diversity of our customers and communities is reflected internally in our team members. We strive to create a diverse and inclusive environment where everyone feels they have opportunities to succeed and grow because we know that only together can we do great things. 

Each of our team members has 5 days set aside as volunteer time off (VTO) to contribute to the communities they live in and give back to the causes they care about most.   

What you’ll get

The annual base salary range for this full-time position is $110,000 to $325,000. This range is an estimate for what Tanium will pay a new hire. The actual annual base salary offered may be adjusted based on a variety of factors, including but not limited to, location, education, skills, training, and experience.

In addition to an annual base salary, team members will receive equity awards and a generous benefits package consisting of medical, dental and vision plan, family planning benefits, health savings account, flexible spending account, transportation savings account, 401(k) retirement savings plan with company match, life, accident and disability coverage, business travel accident insurance, employee assistance programs, disability insurance, and other well-being benefits.

 

For more information on how Tanium processes your personal data, please see our Privacy Policy

Apply for this Job

* Required
resume chosen  
(File types: pdf, doc, docx, txt, rtf)
cover_letter chosen  
(File types: pdf, doc, docx, txt, rtf)


Voluntary Self-Identification

To comply with government reporting obligations, we ask candidates to respond to the below self-identification survey. In addition, this information helps Tanium to have an inclusive environment for all by identifying and removing barriers in our hiring practices. Completing this form will help us achieve this goal and enhance our diversity program. Providing this information is voluntary and you may decline to self-identify for any of the categories below. Whatever your decision, your responses will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file. 

As set forth in Tanium’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law. 

Race & Ethnicity Definitions

  • Hispanic or Latino - A person of Cuban, Mexican, Puerto Rican, South or Central American, or other Spanish culture or origin regardless of race.  
  • White (Not Hispanic or Latino) - A person having origins in any of the original peoples of Europe, the Middle East, or North Africa.  
  • Black or African American (Not Hispanic or Latino) - A person having origins in any of the black racial groups of Africa.  
  • Native Hawaiian or Other Pacific Islander (Not Hispanic or Latino) - A person having origins in any of the peoples of Hawaii, Guam, Samoa, or other Pacific Islands.  
  • Asian (Not Hispanic or Latino) - A person having origins in any of the original peoples of the Far East, Southeast Asia, or the Indian Subcontinent, including, for example, Cambodia, China, India, Japan, Korea, Malaysia, Pakistan, the Philippine Islands, Thailand, and Vietnam.  
  • American Indian or Alaska Native (Not Hispanic or Latino) - A person having origins in any of the original peoples of North and South America (including Central America), and who maintain tribal affiliation or community attachment.  
  • Two or More Races (Not Hispanic or Latino) - All persons who identify with more than one of the above six races. 

Categories of Protected Veterans

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows: 

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability. 

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service. 

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense. 

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985. 

 

Voluntary Self-Identification of Disability

Why are you being asked to complete this form? 

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years. 

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp. 

How do you know if you have a disability? 

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition. 

Disabilities include, but are not limited to: 

  • Autism 
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS 
  • Blind or low vision 
  • Cancer 
  • Cardiovascular or heart disease 
  • Celiac disease 
  • Cerebral palsy 
  • Deaf or hard of hearing 
  • Depression or anxiety 
  • Diabetes 
  • Epilepsy 
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome 
  • Intellectual disability 
  • Missing limbs or partially missing limbs 
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS) 
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression 

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete. 

 

Gender: What gender do you most closely identify with? (Select one) *







Race/Ethnic Background: What ethnicity do you most closely identify with? (Select one) *








Veteran Status: Are you a protected veteran? (Select one) *



Disability Status: Do you have a disability that substantially limits a major life activity, as described above? (Select one) *




Enter the verification code sent to to confirm you are not a robot, then submit your application.

This application was flagged as potential bot traffic. To resubmit your application, turn off any VPNs, clear the browser's cache and cookies, or try another browser. If you still can't submit it, contact our support team through the help center.