Information Security Analyst

📋 Description

• • As an Information Security Analyst (IC3) at Cloudera, you will play a pivotal role in safeguarding the company's digital assets by managing the comprehensive security risk lifecycle for our extensive global vendor ecosystem. This is a highly autonomous, individual contributor position that demands profound technical acumen and a rigorous analytical approach to evaluating third-party environments. You will be instrumental in ensuring that Cloudera's data remains secure by conducting in-depth technical reviews, actively managing the risk register, and collaborating closely with the Information Security, Privacy, and Procurement departments.
• • Your responsibilities extend beyond mere compliance; you will be tasked with performing deep-dive technical assessments of vendor security controls and architectures. This involves meticulously analyzing complex audit artifacts such as SOC 2 Type II reports, ISO 27001 certifications, and Penetration Test results to uncover potential vulnerabilities that might not be immediately apparent. You will also leverage independent research to identify external risk factors, including public breaches or legal filings, that could impact vendor security and, by extension, Cloudera's.
• • A core function of this role is to identify security gaps and translate them into clearly defined, actionable risk records. You will own the entire lifecycle of these risk findings, from their initial identification through to their successful remediation or formal risk acceptance. This includes ensuring that all identified risks are accurately documented, assigned to the appropriate internal owners, and tracked with clear, achievable deadlines.
• • You will manage the end-to-end assessment process for both new and existing vendors, utilizing industry-standard frameworks like SIG-Lite, SIG-Core, and CAIQ. A significant and evolving aspect of this role involves AI specialization, where you will analyze the unique security and privacy risks associated with vendors' AI features, their data training practices, and their model governance strategies. This requires a forward-thinking approach to emerging technological threats.
• • Daily collaboration with the Information Security, Privacy, and Procurement teams is essential to ensure that all vendor engagements align with Cloudera's corporate policies and security standards. You will be responsible for driving all operational workflows within ServiceNow (GRC/IRM), maintaining the integrity of the data to ensure audit readiness and compliance. Furthermore, you will oversee the continuous monitoring of the vendor portfolio, ensuring that regular review cadences are met and that risk statuses are updated in real-time to reflect the dynamic threat landscape.
• • This role offers a unique opportunity to influence the security posture of a rapidly growing organization. You will be at the forefront of addressing emerging technology risks, including those posed by AI and complex cloud-native ecosystems. The position provides the autonomy expected of a senior analyst, coupled with the robust support of a highly collaborative and cross-functional team, fostering an environment of shared success and continuous learning. Your work will directly contribute to Cloudera's reputation as a trusted data partner for leading enterprises worldwide.