Cybersecurity Assurance Analyst
Axonius
Job highlights
Summary
Join Axonius' growing security team as a Cybersecurity Analyst focused on Governance, Risk, and Compliance (GRC). In this fully remote position (EST or CST time zones only), you will be responsible for ensuring the security of organizational information assets and compliance with regulations. You will collaborate with stakeholders to mitigate risks, implement security policies, manage vendor relationships, and create reports. The ideal candidate has a strong understanding of cybersecurity principles, knowledge of GRC frameworks, and risk assessment experience. Responsibilities include framework implementation, risk management, compliance management, vendor management, training and awareness, policy management, reporting and metrics, and cross-functional collaboration. Axonius offers a remote-first culture, excellent benefits, and opportunities for career growth.
Requirements
- Possess exceptional collaboration and communication skills, with a proven ability to build consensus and effectively communicate GRC activities to diverse audiences, including senior management
- Have a degree in a related field and 3+ years of experience in cybersecurity or IT, OR a minimum of 5 years of combined relevant education and experience in cybersecurity or IT
- Understand cybersecurity principles, compliance requirements, risk assessments, and GRC frameworks
- Understand relevant security regulations and frameworks (e.g., ISO 27001, SOC2, NIST CSF, etc.)
- Be proficient with common IT systems and applications, with the ability to quickly learn and navigate new technologies
- Possess strong analytical and problem-solving skills with the ability to work independently and develop creative solutions
- Be a self-starter with the ability to build partnerships and function effectively with limited oversight
- Have the ability to quickly learn various systems (e.g., Safebase, Anecdotes, Zendesk, Zip, Jira, etc.) to support risk management and compliance activities
- Demonstrate a willingness to adapt and adjust to meet evolving business needs
- Show a commitment to staying current on industry trends, emerging technologies, and relevant regulations
- Have a proactive and self-motivated approach to identifying areas for improvement and implementing solutions
Responsibilities
- Collaborate to develop, review, and update strategies, policies, and procedures related to cybersecurity and technology governance
- Employ effective project management techniques to manage governance routines and meetings and to maintain compliance processes
- Employ strong project management skills to collaborate with stakeholders across the organization, identify and analyze cybersecurity risks, and develop and implement remediation plans within established timelines
- Conduct risk assessments and internal reviews to proactively identify potential compliance issues
- Maintain consistent follow-up with risk owners to ensure accountability and effective risk mitigation, driving the organization's risk management program toward its defined risk appetite
- Proactively manage compliance activities by ensuring timely responses to risk assessments, audits, and customer or prospect inquiries
- Prepare for and support internal and external audits, promptly addressing audit findings and closing identified gaps
- Maintain and improve internal control standards, and stay current on relevant regulations and industry standards (including NIST and GDPR)
- Assist with the vendor risk lifecycle, which requires collaborating with stakeholders across various teams, such as Corp IT, SecOps, Legal, and Procurement
- Maintain vendor security information, conduct security assessments, ensure compliance with security requirements, and provide technical expertise to evaluate the security posture of SaaS systems, integrations, and add-ons
- Collaborate with stakeholders to develop and deliver effective security awareness and GRC training programs
- Take ownership of tracking training compliance and identifying areas for program improvement
- Collaborate with stakeholders to develop, maintain, and update security policies, procedures, and standards
- Take ownership of tracking policy exceptions and ensuring proper approvals are obtained
- Assist with developing and maintaining comprehensive security metrics and reporting processes to track key performance indicators (KPIs), identify trends, and inform decision-making
- Track KPIs such as the number of open risks, time to remediate risks, and compliance with key regulations
- Continuously improve reporting accuracy, efficiency, and effectiveness to align with evolving organizational needs
- Foster strong partnerships with stakeholders across Legal, Technology, Sales, and Finance teams to ensure alignment on security objectives and initiatives
- Partner with the Sales team to help address customer or prospect questions regarding our security program, which might also include completing the CAIQ or SigLite and posting it to our trust center
Preferred Qualifications
- Possess relevant certifications (Sec+, DoD 8570/8140, CRISC, etc.)
Benefits
- Remote-first culture
- 100% coverage of 2 different tiers of employee healthcare premiums
- Dental, vision, and 401k match
- 17 weeks of parental leave for primary caregivers and 8 weeks for secondary caregivers
- Additional time off for important life events like marriage, birth of a grandchild, and more!
- Corporate social responsibility partnerships, employee giving opportunities, and volunteer time off
- Market rate salaries, bonuses, or commissions
- Stock options for all full-time employees with equity refresh opportunities
- Highly supported Employee Resource Groups (ERG)
- Executive-level diversity and inclusion goals
- Training, events, and mentorship options
- Ongoing growth opportunities, including mentorship programs, a learning and development stipend, and company-wide courses