Senior GRC Security Analyst

Posted about 19 hours ago

💎 Seniority level: Senior, 5+ years

📍 Location: Poland

💸 Salary: 14700.0 - 25000.0 PLN per month

🔍 Industry: Software Development

🏢 Company: Appfire Technologies, LLC.

🗣️ Languages: English

⏳ Experience: 5+ years

🪄 Skills: AWS, Project Management, Cloud Computing, Cybersecurity, Jira, Communication Skills, Analytical Skills, Microsoft Office, RESTful APIs, Compliance, Problem-solving skills, Risk Management, Confluence

Requirements:
  • 5+ years of experience working in information security risk and/or compliance roles.
  • Knowledge of common Information Security frameworks such as CIS, ISO 27001 & SOC 2
  • Prior experience with cloud-based security tools, technologies, and controls is a plus (e.g., Amazon AWS, Azure, Heroku, GCP).
  • Ability to work effectively within a fast-paced, changing environment that is going through high growth.
  • A self-starter with the demonstrated ability to take initiative, who can proactively identify issues/opportunities and recommend actions.
  • Strategic analysis, creative problem solving, and business judgment are required
  • Excellent interpersonal and communication skills
  • CISA, CISSP or similar security/GRC focused certifications a plus.
Responsibilities:
  • Work on the coordination and facilitation of Appfire’s security governance goals and initiatives
  • Support our sales channels regarding prospect and customer security questions, assessments, and audits, including speaking to technical controls and their alternatives and appropriate risk mitigation.
  • Conduct assessments related to vendor risk management and follow up on associated findings.
  • Provide support and act as key stakeholder and lead of regulatory and compliance initiatives (e.g. ISO 27001, SOC2, GDPR, etc.).
  • Identify, document, and track information security policy related non-conformities and assist in developing and monitoring corrective action plans.
  • Assist in identifying & tracking information security risks, assessing impact, and tracking the execution of mitigation plans.
  • Assist in tracking information security risk acceptances and exceptions and monitoring the execution of remediation plans.
  • Track and ensure adequate and timely resolution to all audit and risk assessment findings/issues relating to information security.
  • Assist in the monitoring of business continuity (BC) and disaster recovery (DR) planning and testing.
  • Develop control key performance indicators (KPI) to ensure compliance-related controls are operating to an acceptable tolerance level.
  • Perform periodic compliance checks across the Appfire organization and develop and define associated metrics to allow clear visibility into Appfire governance, risk, and compliance status
  • Work on the coordination and execution of integration plans for Appfire acquisitions.
  • Moderate the annual review and update of information security related policies and processes.
  • Participate in and manage annual security awareness campaigns.
  • Evaluate and recommend GRC related technologies and solutions for future implementation.
  • Handle sensitive and/or confidential material and information with suitable discretion