Senior Security Analyst – GRC

Relevant Experience: 2-4 years

Job Description

The Information Security and Compliance Analyst will be a member of the information security team and assist with a wide range of information security tasks including, but not limited to, ISMS policy, SOC2 compliance procedure creation and improvement, and technical controls auditing and review. In this position, the successful candidate will work closely with teams across the organization, including HR, accounting, administration, IT, and engineering, to ensure our standards are both sufficient to maintain our security posture and adhered to by all parts of the organization.

Responsibilities

The Analyst will be expected to:

  • Lead compliance reviews, certifications, and accreditations (e.g. ISO 27001, SOC2, GDPR).
  • Enhance risk and compliance strategy in alignment with internal controls, audit, and business requirements and objectives.
  • Review, assess, and document current internal controls.
  • Translate legal and regulatory requirements into a unified collection of processes and provide the respective stakeholders with compliance requirements and methodologies.
  • Facilitate client security assessments.
  • Collaborate with engineering, product, and cloud teams to ensure security compliance and continually improve processes.
  • Facilitate internal & external audits and conduct reviews to verify compliance.
  • Manage all internal and external audit findings and ensure their remediation on an agreed schedule with the respective stakeholders.
  • Collaborate with the privacy team and the data management team on the implementation of global policies.
  • Manage security incidents and take appropriate corrective actions.
  • Define risk and compliance metrics and provide monthly reporting to management, including gaps in policy and proposed resolutions.
  • Maintain a risk register and manage risk mitigation plans.
  • Keep domain knowledge current by tracking incoming regulations, maintaining knowledge of relevant frameworks and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations, and obtaining relevant certifications.
  • Conduct training on information security awareness for new joiners.

Experience & Qualifications

  • Must hold a degree, preferably in Computer Science, Computer Applications, or Business Administration.
  • Demonstrated hands-on experience in performing key Information Security operational activities.
  • Possess excellent listening skills and proficient oral and written communication.
  • Have a proven ability to work effectively in a loosely structured team environment that demands a high degree of cooperation, flexibility, teaming, cross-group collaboration, and real-time responsiveness.
  • 2+ years of experience in information security compliance, audit, and/or risk management in a technology environment.
  • Experience facilitating external assessments, such as security audits or regulatory inquiries.
  • Understanding of the vulnerability assessment and penetration testing (VAPT) process and the ability to drive vulnerability management.
  • Excellent written and verbal communication skills, as demonstrated by prior experience writing policies and/or providing company-wide training.
  • Ability to synthesize both complex and ambiguous requirements into actionable plans, as demonstrated through prior experience managing cross-functional programs.
  • Ability to foresee security and privacy risks and identify reasonable mitigation strategies that fit the business context.
  • People-oriented with the ability to build relationships, persuade stakeholders, and manage conflict across a variety of functions and skill levels.
  • Knowledge of security control frameworks and standards such as SOC2, ISO 27001, NIST, ITIL, and GRC practices; familiarity with the CSA CCM desirable.
  • Knowledge of current and impending regulatory requirements applicable to technology organizations, such as GDPR and the EU Artificial Intelligence Act, desirable.
  • Familiarity with application security control models such as OWASP SAMM desirable.
  • Experience with ISO 27001 compliance, including identifying control gaps, supporting remediation of findings, and contributing to internal ISO 27001 assessments.
  • Contribute to and achieve business and departmental goals and objectives.