Security and Privacy Analyst

Quanata
Summary
Join Quanata's growing Security and Privacy team as a Security and Privacy Analyst concentrating in GRC. You will support security and privacy compliance initiatives, conduct risk assessments, manage security policies, and assist in developing and operating our security and privacy compliance program. This role ensures Quanata's operations, products, and services comply with legal and regulatory requirements and industry best practices. You will support technical compliance readiness across cloud and engineering environments, ensure regulatory alignment with national cybersecurity and privacy laws, and coordinate with internal and external auditors. The ideal candidate will have a Bachelor’s degree and 3-5 years of relevant experience. Quanata offers a competitive salary, comprehensive benefits, and opportunities for professional development.
Requirements
- Bachelor’s degree in Information Security, Law, Business, or a related field, or equivalent relevant experience
- 3-5 years of experience in security, privacy, compliance, or risk management roles, with a focus on governance, risk, and compliance (GRC)
- Knowledge of security technologies, privacy regulations, and industry standards (e.g., ISO 27001, NIST CSF, SOC 2, CCPA/CPRA). Familiarity with cloud-native platforms (e.g., AWS, GCP) and infrastructure as code is a plus
- Strong ability to conduct risk assessments, analyze security and privacy controls, and identify potential compliance issues
- Excellent written and verbal communication skills, with the ability to produce clear and concise documentation and reports
- Ability to work effectively with cross-functional teams and manage multiple tasks in a fast-paced environment
Responsibilities
- Support Security and Privacy Compliance: Assist in the development, implementation, and maintenance of security and privacy policies, procedures, and controls to ensure compliance with legal and regulatory requirements (e.g., GLBA, CCPA/CPRA, NAIC)
- Conduct Risk Assessments: Perform security and privacy risk assessments on systems, applications, and processes, identifying potential risks and recommending mitigation strategies
- Policy Development and Management: Collaborate with cross-functional teams to develop and update security and privacy policies, ensuring they are aligned with industry standards and best practices, and manage policy exceptions
- Incident Response Support: Assist in the management of security and privacy incidents, including compliance issues, conducting investigations, analyzing the impact, and coordinating response efforts
- Privacy Program Support: Contribute to the ongoing development, implementation, and operation of the company's privacy program, including managing data privacy requests and ensuring compliance with privacy laws
- Regulatory Audit Coordination: Act as a point of contact for external audits and attestations involving technical security or privacy controls (e.g., SOC 2, ISO 27001, CCPA/CPRA), coordinating across product, infrastructure, and legal teams
- Collaboration and Reporting: Work closely with development, engineering, operations, legal, and other teams to ensure that security and privacy are integrated into all aspects of the company’s operations. Prepare reports and presentations on compliance and risk management activities for senior management
- Continuous Learning: Stay current with the latest developments in security and privacy regulations, technologies, and best practices, and share this knowledge with the team
Preferred Qualifications
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or ISO 27001 Lead Implementer/Auditor
- Experience leading technical control assessments or regulatory audits across engineering and DevOps environments
- Experience in Regulated Industries: Familiarity with working in highly regulated industries such as insurance, finance, or healthcare
- Experience using GRC automation tools for evidence collection, risk monitoring, and policy tracking
- Technical Aptitude: Experience with security and privacy tools or services, cloud services, and automating compliance tasks is a plus
Benefits
- Medical, dental, vision, life insurance and supplemental income plans for you and your dependents
- A Headspace app subscription
- Monthly wellness allowance
- A 401(k) Plan with a company match
- One-time payment of $2K will be provided to cover the purchase of in-home office equipment and furniture at your discretion
- Our teams work with MacBook Pros, which we will deliver to you fully provisioned prior to your first day
- All employees accrue four weeks of PTO in their first year of employment
- New parents receive twelve weeks of fully paid parental leave which may be taken within one year after the birth and/or adoption of a child
- The twelve weeks apply to both birthing and non-birthing parents
- All employees receive up to $5000 each year for professional learning, continuing education and career development
- All team members also receive LinkedIn Learning subscriptions and access to multiple different coaching opportunities through BetterUp