Security GRC Analyst

Summary

Join Turnitin, a global leader in educational integrity, as a Sr Security GRC Analyst. You will play a crucial role in ensuring compliance with security frameworks, industry standards, and internal policies. This position involves conducting risk assessments, audits, and evaluations to identify and mitigate potential risks. You will collaborate with various departments, including sales, customer support, and internal teams, to maintain compliance and respond to security inquiries. This role requires strong analytical skills, attention to detail, effective communication, and a commitment to continuous learning. Turnitin offers a remote-centric culture, competitive benefits, and a commitment to employee well-being.

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience)
• 3+ years of experience in a role related to Information Security or Cybersecurity Compliance
• Professional certification such as CCSK, AWS Cloud Practitioner, or other related industry certification
• Familiarity with cybersecurity frameworks and regulatory standards such as NIST, SOC 2, TX-RAMP, and PCI DSS
• Familiarity of risk management and security best practices
• Experience with assessing security controls, risk mitigation strategies, and audit procedures
• Understanding of concepts related to AWS Cloud Infrastructure and security
• Experience conducting security impact analysis for system changes
• Experience conducting periodic internal security reviews or risk assessments to ensure that compliance procedures and technical configurations are followed
• Experience conducting third-party risk assessments
• Contract review experience for security requirements
• Highly organized and proactive individual capable of managing multiple responsibilities and delivering results

Responsibilities

• Maintain compliance tracking capabilities to help ensure adherence with Turnitin’s security program and industry standards such as NIST CSF, NIST 800-53, SOC 2, TX-RAMP and PCI DSS
• Conduct risk and compliance assessments, audits, and risk evaluations to identify potential risk and compliance gaps
• Lead preparation and audit activities required to maintain our SOC 2 Type 2
• Collaborate with internal teams and external auditors for audit and compliance reviews
• Collaborate with sales and customer support teams to respond to security questionnaires and security posture questions from customers
• Support TPRM Program and conduct third-party risk assessments
• Complete user access reviews
• Administration of GRC platform
• Participate in the development and documentation of security policy, standards and processes to align with company information security strategy
• Provide security awareness and phishing training for employees and promote a culture of security and compliance
• Coordinate phish testing
• Collaborate with DevOps, IT, Legal, Engineering, People Team, and other departments to ensure security control and policy requirements are integrated into systems and business processes
• Provide input on ways to improve and automate team processes

Preferred Qualifications

• Experience running SOC 2 audits or NIST based authorizations
• Experience using Jira and Confluence for project and task management
• Hands-on experience with Wiz, KnowBe4, and Hyperproof
• Experience conducting third-party risk assessments
• Demonstrated knowledge of security assessment of cloud technology and services (AWS)
• Entry level cybersecurity certification such as Security+, GIAC GSEC, or ISC2 Certified in Cybersecurity

Benefits

• Health Care Coverage*
• Education Reimbursement*
• Competitive Paid Time Off
• 4 Self-Care Days per year
• National Holidays*
• 2 Founder Days + Juneteenth Observed
• Paid Volunteer Time*
• Charitable contribution match*
• Monthly Wellness or Home Office Reimbursement/*
• Access to Modern Health (mental health platform)
• Parental Leave*
• Retirement Plan with match/contribution*