Digi-Key is one of the fastest growing distributors of electronic components in the world. In addition to offering the broadest selection of in-stock electronic components and providing the best service possible to customers, employees have access to a highly competitive benefits package. The package includes a comprehensive health insurance plan featuring a low co-pay and no deductible plan as well as dental, vision, life, and long-term disability coverage; flexible spending accounts; competitive paid time off; relocation assistance; 401(k) and profit sharing; and education advancement. To learn more, visit our benefits and perks page .Position
Senior Information Technology Engineer, Governance Risk and ComplianceSchedule
(may change based on business needs):
Monday - Friday, 8:00AM to 5:00PM
Remote work may be available for the following states: AZ, AR, CA, IL, MA, MI, MN, NH, NY, ND, OH, SC, SD, TX, VA, WI Position Overview:
The Sr. Security Analyst is responsible for driving maturity in policies, technologies, and processes in alignment with industry best practices and internationally recognized standards. We are looking for someone who has "been there done that" and wants to leverage their experiences at a growing company.
This role will collaborate across business and IT, within the security and privacy team, as well as third parties. Leadership has invested strategically in security and privacy and our customers demand it. This role will drive general governance, risk and compliance practices as well as future ISO 27001 and CMMC certification to provide independent verification of this investment for our customers and partners.
The company is growing and changing. The right person has the skills to balance the needs of compliance with the needs of operations. They need to think in terms of scale and efficiency. We are a security first shop and we leverage guidance from industry best practices to drive our team's vision. Compliance will come as a biproduct of excellent security practices. We are looking for that person who has a long term vision of where we could be, is able to prioritize, and know when to push for change and when to be patient.Responsibilities:
Must be able to...
- Strong understanding of the following and how to apply in practice: PCI-DSS, ISO 27001, Critical Security Controls, and NIST
- Contribute to roadmap planning efforts and ad hoc adjustments to identify new efforts to pursue
- Use influence and be persuasive with new ideas to help the business meet its goals
- Present results to leaders, architects, product teams, and other internal customers
- Work with third parties (professional services, support, etc.)
- Work with scrum masters, IT managers, product owners, developers, testers, etc. to collaborate
- Create, maintain, and socialize documentation
- Develop and/or contribute to: policies, standards, requirements, and patterns
Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.Required Knowledge, Skills, and ExperienceMinimum/Essential Qualifications:
Preferred Qualifications/Selection Criteria:
- Bachelor's degree in Computer Science or a related field or equivalent work experience
- 4-8 years' experience in a technical compliance and/or information risk management role
- Experience with multiple frameworks/methodologies (ISO, NIST, DFARS, CMMC, Critical Security Controls, etc.)
- Current or prior PCI certification (PCIP or PCI ISA)
- Working knowledge of GDPR (General Data Protection Regulation) or other privacy regulations
- CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), or equivalent
Digi-Key Electronics is an Equal Opportunity Employer. We encourage qualified minority, female, veteran and disabled, and other diverse candidates to apply and be considered for open positions.
If you are an applicant with a disability and need a reasonable accommodation for any part of the employment process, please contact Human Resources at 1-800-338-4105 or email@example.com .
Equal Employment Opportunity is the Law
Equal Employment Opportunity is the Law Supplement