Security Compliance Readiness Analyst

Ciena is committed to our people-first philosophy. Our teams enjoy a culture focused on prioritizing a personalized and flexible work environment that empowers an individual’s passions, growth, wellbeing and belonging. We’re a technology company that leads with our humanity—driving our business priorities alongside meaningful social, community, and societal impact.

ROLE OVERVIEW:  Security Compliance Readiness Analyst

The Cyber Security organization at Ciena is a group of skilled professionals who share the same passion for defending against cyber criminals. With the increase in volume and sophistication of cyber-crime, we are growing and have tons of exciting work planned. We are dedicated to driving the security mission of Ciena throughout the enterprise; Do the Right Things (and Do Them Well), Protect the Company (From Evolving Threats), and to Build Trust (in Our Products and Program). The Cyber Security Compliance Readiness Analyst will have specific focus in performing control assessments, interfacing with internal auditors on Security matters, and helping to further mature the Compliance Readiness function.

The Security Compliance Readiness Analyst will work collaboratively with the Cyber Security Governance, Risk, and Trust (GRCT) functions, other functional areas within the Security Organization, Enterprise Digital Strategy & Technology (formerly IT) and Cieana at-large to assess, manage, and report on Ciena’s compliance posture and the security control environment.

Responsibilities:

• Assist in the implementation and execution of Ciena’s overall Security program vision and activities.
• Strong critical thinking, organization, problem solving, and interpersonal skills, including ability to effectively address issues in collaboration with others and ability to proactively identify and act on opportunities for improvement.
• Possess a risk-oriented mindset with a good understanding of cyber and information security risks to an organization’s systems, processes, and intellectual property. Use sound judgment in assessing the significance of risks or issues as they relate to Ciena’ control environment.
• Evaluate and report on security controls:  
  • Validate security and IT controls as well as leading or facilitating the remediation of control gaps.
  • Evaluate evidence submitted on security controls’ effectiveness and maturity.
  • Document current processes and controls to demonstrate current security and controls environment.
  • Understand and interpret policies/procedures/flow charts. Update process flows and documentation with any process/control changes.
  • Assess monitoring results and metrics for possible control or process improvements and provide periodic progress reports to management.
  • Create, review and summarize process and control documents.
• Evaluate contractual terms related to enterprise security and map them to corresponding controls within Ciena’s Unified Control Framework.
• Assist with the management and oversight of Security policy exceptions.
• Act as a liaison between auditors and internal stakeholders for Security.
• Support security internal audits and 3rd-party assessments to ensure timely completion, while maintaining positive and collaborative engagement with all stakeholders.  
  • Review the progress and any findings and work with different teams to manage remediation of control gaps from the assessments and audits.
  • Facilitate timely identification, escalation, remediation, and follow-up for outstanding audit issues.
• Assist with the management and configuration of the controls management application (GRC tool – LogicGate Control Management Application)
• Assist with gap analyses and documentation efforts related to frameworks and certification programs such as ISO 27001/2, SOX, NIST Cybersecurity framework, CISv8, GDPR, SOC 1/2, etc.

Minimum Qualifications:

• Bachelor’s degree in Cybersecurity, Computer Engineering, Information Technology, Auditing, or related field.
• Excellent presentation, speaking and written communication skills to manage communication with a diverse group of stakeholders at all organization levels.
  • Ability to clearly express concepts and ideas, verbally and in writing.
  • Assist in influencing stakeholders to implement necessary process modifications to meet regulatory and policy needs.

• 7+ Years of Experience with internal controls, control assessments, risk assessments, business process and internal IT control testing or operational auditing.
• Experience with managing control frameworks supporting an enterprise’s compliance with regulatory and contractual requirements, and industry framework alignment
• Experience with enterprise GRC tools such as LogicGate.
• Experience with project management tools such as JIRA.

Preferred Qualifications:

• Candidate will possess ability to be a successful self-starter, requiring minimal oversight.
• Knowledge of IT security aspects towards key areas like IT General Controls (ITGC), vulnerability management, architecture and engineering, cloud computing, DevOps, database management systems, SDLC, and agile development methodologies.
• Possesses relevant security certifications such as CISSP, CISA, CIA, CISM, CompTIA Security+, CCSP,  GSEC, etc.
• Experience of working on reporting, analytics, and data modelling tools such as Power BI, Tableau, ThoughtSpot, Looker, etc.  
• Proficient in working on Microsoft Word, Excel, PowerPoint, and computer literate with an interest in learning new software programs and tools.
• Ability to work after hours if needed.