GRC Security Analyst

Posted 2 months ago

💎 Seniority level: Junior, 2+ years

📍 Location: Poland

💸 Salary: 12000.0 - 16000.0 PLN per month

🔍 Industry: Information Security

🏢 Company: Appfire Technologies, LLC.

🗣️ Languages: English

⏳ Experience: 2+ years

🪄 Skills: AWS, SQL, Cloud Computing, Cybersecurity, Linux, Compliance, Risk Management

Requirements:
  • 2+ years of experience working in information security risk and/or compliance roles.
  • Knowledge of common Information Security frameworks such as CIS, ISO 27001 & SOC 2.
  • Prior experience with cloud-based security tools, technologies, and controls is a plus (e.g., Amazon AWS, Azure, Heroku, GCP).
Responsibilities:
  • Work on the coordination and facilitation of Appfire’s security governance goals and initiatives.
  • Support our sales channels regarding prospect and customer security questions, assessments, and audits, including speaking to technical controls and their alternatives and appropriate risk mitigation.
  • Conduct assessments related to vendor risk management and follow up on associated findings.
  • Provide support for regulatory and compliance initiatives (e.g., ISO 27001, SOC 2, GDPR).
  • Identify, document, and track information security policy-related non-conformities and assist in developing and monitoring corrective action plans.
  • Assist in identifying & tracking information security risks, assessing impact, and tracking the execution of mitigation plans.
  • Assist in tracking information security risk acceptances and exceptions and monitoring the execution of remediation plans.
  • Track and ensure adequate and timely resolution to all audit and risk assessment findings/issues relating to information security.
  • Assist in the monitoring of business continuity (BC) and disaster recovery (DR) testing.
  • Perform periodic compliance checks across the Appfire organization.
  • Provide support for the coordination and execution of integration plans for Appfire acquisitions.
  • Support the annual review and update of information security-related policies and processes.
  • Participate in and support annual security awareness campaigns.
  • Handle sensitive and/or confidential material and information with suitable discretion.