Security Assurance Specialist


Lumin Digital

💵 $105k-$115k
📍 Remote - United States

Summary

Join Lumin Digital as a Security Assurance Specialist and play a key role in strengthening and maintaining the company's security and compliance posture. You will own the daily management of the vulnerability lifecycle, lead the configuration and continuous improvement of the GRC platform, and drive audit readiness and coordination activities for frameworks like SOC 2 and PCI. This position requires bridging technical detail and regulatory expectations to ensure controls operate effectively and stakeholders trust the security program. You will be responsible for vulnerability management, improving security controls, maintaining accurate GRC records, coordinating audits, conducting control testing, reporting on issue status, developing dashboards and metrics, contributing to customer trust initiatives, and monitoring regulatory changes. The role demands strong technical acumen, excellent project coordination skills, clear communication, and a proactive mindset for risk mitigation.

Requirements

  • Bachelor’s degree in a relevant field such as Information Systems, Business, Risk Management preferred
  • Three (3) years of professional experience in information security, risk management, compliance, IT audit, or a related field required
  • Experience owning or administering GRC systems (TrustCloud, OneTrust, Drata, etc.) and workflows, including evaluating and improving control design required
  • Hands-on experience with vulnerability management tools (e.g., Tenable, Snyk, Rapid7) and understanding of common vulnerability types and remediation practices required
  • Experience coordinating across cross-functional technical and non-technical teams is required
  • Familiarity with audit frameworks and processes, especially SOC 2 and PCI
  • Strong technical acumen with ability to understand systems, interpret vulnerability data, and assess control applicability in a SaaS environment
  • Excellent project coordination and organizational skills, particularly in high-stakes, deadline-driven audit environments
  • Ability to assess and improve business processes within technical platforms (especially GRC tools)
  • Clear, concise written and verbal communication skills, able to adapt messaging for technical and executive audiences
  • Critical thinker with strong attention to detail and a proactive mindset for identifying and mitigating risks
  • Knowledge of security standards and frameworks (e.g., NIST 800-53, ISO 27001, SOC 2, PCI-DSS)
  • Ability to design or improve security workflows within a GRC platform
  • Familiarity with building or maintaining program-level dashboards or metrics
  • Comfort engaging with customers or external auditors to explain security practices and documentation

Responsibilities

  • Own the vulnerability management lifecycle, including review of scanning results, coordination with technical teams for remediation, and oversight through closure or documented exceptions
  • Evaluate and improve the design and effectiveness of security controls within Lumin’s GRC platform, identifying gaps, redundancies, and opportunities for streamlining
  • Maintain real-time accuracy of control and risk records within the GRC platform to reflect the current state of program conformance with internal policies and external requirements
  • Coordinate internal and external audits (e.g., SOC 2, PCI), including management of document request lists, evidence collection, stakeholder communication, and follow-up on outstanding items
  • Conduct control testing through evidence review, system analysis, policy comparison, and interviews to assess compliance with defined standards and frameworks
  • Track and report on issue status and trends, manage the POA&M process, and work with leadership to resolve overdue items and identify systemic root causes
  • Develop and maintain dashboards and metrics that reflect the maturity, coverage, and effectiveness of security and risk programs
  • Contribute to customer trust initiatives by supporting RFPs, due diligence questionnaires, and client meetings with clear, accurate, and up-to-date security documentation
  • Monitor regulatory and industry frameworks to identify emerging changes and provide recommendations to maintain or exceed compliance expectations
  • Perform other duties as assigned

Preferred Qualifications

Experience supporting audits or external assessments (e.g., SOC 2, PCI) preferred
