Information Security Analyst

Summary

Join our growing team as an Information Security Analyst - GRC! This critical role ensures the confidentiality, integrity, and availability of our information assets. You will focus on Governance, Risk, and Compliance (GRC) activities, including vendor risk management, policy management, security reviews, and internal audits. The ideal candidate possesses a strong understanding of security frameworks, risk management, and compliance requirements. This position requires experience in GRC and relevant security certifications are a plus. We offer a data-driven culture that prioritizes exceeding expectations and empowers team members.

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field preferred
• 2+ years of experience in Information Security, with a focus on GRC activities
• Strong understanding of security frameworks (e.g., NIST, ISO 27001, SOC 2) and regulatory requirements (e.g., GDPR, CPPA, HIPAA)
• Experience with vendor risk management methodologies and tools
• Experience with policy development and management
• Familiarity with security monitoring tools and incident response processes
• Excellent communication, interpersonal, and organizational skills
• Ability to work independently and as part of a 1 team

Responsibilities

• Manage and perform third-party risk assessments and annual security reviews for existing and new vendors
• Develop and maintain a comprehensive vendor risk matrix, incorporating all current and future vendors
• Schedule and facilitate the annual compliance tasks, such as tabletop Disaster Recovery exercise, policy reviews, internal audits
• Conduct internal security audits and perform gap analyses to identify vulnerabilities and areas for improvement
• Manage the lifecycle of security policies, including development, updates, approvals, and communication. Ensure policy acceptance and training completion through effective communication and tracking
• Schedule and conduct quarterly access reviews to ensure appropriate system access privileges
• Monitor and improve system security alerts from various platforms and escalate incidents to the appropriate teams for investigation and remediation
• Improve and maintain security documentation for our Trust Center, ensuring accuracy and completeness
• Assist with the completion of security-related sections of Request for Proposal (RFP) questionnaires and customer security questionnaires

Preferred Qualifications

Relevant certifications (e.g., CompTIA Security+, CISA, CISSP) are a plus

Benefits

• We create an unreasonably hospitable and data-driven culture
• We prioritize exceeding customer, and each other’s, expectations in every interaction
• Empowered team members solving problems proactively based on information, crafting personalized experiences, and radiating enthusiasm
• Trust and freedom allow team members to find creative solutions
• Shared purpose and recognition fuel a spirit of greatness to truly wow customers and each other
• We deconstruct failures to learn from them and take great pride in our successes; celebrating both
• We are committed to fair and equitable compensation practices
• We use data-driven pay practices with the goal of ensuring offerings are competitive to the market and our team members are being compensated correctly based on their roles, experience, and location