Information Security Analyst

Business Area:

Seniority Level:

Job Description:

At Cloudera, we empower people to transform complex data into clear and actionable insights. With as much data under management as the hyperscalers, we're the preferred data partner for the top companies in almost every industry. Powered by the relentless innovation of the open source community, Cloudera advances digital transformation for the world’s largest enterprises.

As an Information Security Analyst (IC3), you will serve as a critical bridge between technical security requirements and business operations. You are responsible for managing the end-to-end security risk lifecycle for our global vendor ecosystem. This is an individual contributor role (Level 3) that requires deep technical expertise, a high degree of autonomy, and the ability to perform rigorous analysis of third-party environments.

You won't just be "checking boxes"; you will be performing deep-dive technical reviews, actively managing the risk register and partnering with InfoSec, Privacy, and Procurement to ensure our data remains secure. You will also play a key role in our evolving AI Governance program, assessing the unique risks posed by vendor-integrated AI models.

Key Responsibilities

• Conduct "deep-dive" technical reviews of vendor security controls and architectures.

• Analyze complex audit artifacts, including SOC 2 Type II, ISO 27001, and Penetration Test reports to identify hidden vulnerabilities.

• Perform independent research to identify public breaches, legal filings, or external risk factors that may not be disclosed in standard documentation.

• Identify security gaps and formalize them into actionable risk records.

• Own the lifecycle of risk findings, from initial identification through to remediation or formal risk acceptance.

• Ensure all risks are accurately documented and assigned to the correct internal owners with clear deadlines.

• Manage end-to-end assessments for new and existing vendors using industry standards (SIG-Lite, SIG-Core, CAIQ).

• AI Specialization: Analyze security and privacy risks specifically related to vendors’ AI features, training data practices, and model governance.

• Partner daily with InfoSec, Privacy, and Procurement teams to align vendor engagements with corporate policies.

• Drive all operational workflows within ServiceNow (GRC/IRM), ensuring data integrity for audit readiness.

• Oversee the continuous monitoring of the vendor portfolio, ensuring regular review cadences are met and risks are updated in real-time.

Qualifications & Key Skills

• Experience: 3+ years of experience in Information Security, Risk Management, or IT Audit (specifically focusing on TPRM).

• Technical Proficiency: Strong ability to interpret technical audit reports and vulnerability assessments. You should understand the nuances of a PenTest report as easily as a SOC 2.

• Framework Knowledge: Deep familiarity with standardized assessment frameworks (SIG, CAIQ) and security standards (NIST, ISO).

• Systems Expertise: High proficiency in ServiceNow (GRC/IRM) for risk tracking and workflow management.

• Communication: Proven ability to translate complex technical risks into "business speak" for Legal and Business stakeholders.

• Problem Solving: A proactive mindset—someone who identifies a gap and immediately works to find a remediation path rather than just flagging the issue.

Preferred Certifications

• Certified Information Systems Security Professional (CISSP)

• Certified Information Systems Auditor (CISA)

• Certified in Risk and Information Systems Control (CRISC)

• Certified Third-Party Risk Professional (CTPRP)

Why Join Us?

You will have the opportunity to influence the security posture of a growing organization while staying at the forefront of emerging technology risks, including AI and cloud-native ecosystems. This role offers the autonomy of a senior analyst with the support of a highly collaborative cross-functional team.

What you can expect from us:

• Generous PTO Policy

• Support work life balance with Unplugged Days

• Flexible WFH Policy

• Mental & Physical Wellness programs

• Phone and Internet Reimbursement program

• Access to Continued Career Development

• Comprehensive Benefits and Competitive Packages

• Paid Volunteer Time

• Employee Resource Groups

EEO/VEVRAA

NA