Security GRC Analyst III

Onapsis
Summary
Join Onapsis as a GRC professional to manage third-party and customer assessment processes, maintain the ISMS, and support security audits (ISO 27001, SOC 2, TISAX Lv3). You will be the GRC liaison, monitoring provider and policy compliance, creating InfoSec training materials, and collaborating with various teams. Key responsibilities include developing and maintaining information security policies, conducting security assessments, managing vendor security assessments, performing risk assessments, supporting security audits, overseeing physical security, developing a disaster recovery plan, creating performance indicators, and managing customer security assessments. The ideal candidate will have at least 3 years of experience in a similar role and excellent communication skills. Knowledge of ISO/IEC 27001, other security standards, and relevant laws and regulations is required. Onapsis offers competitive compensation and incentives.
Requirements
- At least 3 years in a similar role
- Excellent communication skills
- Jira usage knowledge
- Proficiency in spoken and written English
- Practical experience in audit and risk assessment
- Knowledge of Information Security and Privacy related laws and regulations in the US and EU
- Knowledge of information security standards beyond ISO/IEC 27001:2013 and SOC 1 and SOC 2 audits (e.g., NIST 800-53, CIS Critical Security Controls), of rules and regulations related to information security and data privacy (e.g., GDPR, FERPA, CCPA), and of the related security principles for risk identification and analysis
Responsibilities
- Develop and maintain a formal set of Information Security policies, procedures, and standards according to the ISO/IEC 27001:2013
- Conduct and complete an annual review of the company's information security policies, procedures, and standards
- Oversee and/or assist in performing ongoing assessments that test the company's security procedures, mechanisms, and controls
- Serve as a liaison for the implementation of security controls derived from policies, standards, and procedures
- Perform and manage the Vendor Security Assessment process before contracting services or applications with third parties
- Perform periodic Risk Assessment reviews and coordinate the remediation plan of risks with the corresponding Data Owners
- Support the coordination of the security audits such as ISO 27001, SOC 1 and SOC 2 audits, including preparing meetings, communicating with auditors and internal stakeholders, and reviewing controls and evidence accuracy
- Assist in evaluating and setting up physical security for company sites
- Oversee the development of a Disaster Recovery Plan
- Develop a set of Performance Indicators to evaluate the effectiveness of security standards and controls
- Create training materials and ensure compliance through adequate training/awareness programs and periodic security audits. These audits should be both internal and external in nature
- Provide development guidance and assistance in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with the Data Privacy team
- Manage the Customer Security Assessments by collaborating with the Sales, Customer Success, and Legal departments to review agreements with customers, answer questionnaires, or share compliance documentation, in order to ensure compliance with customer requirements
Preferred Qualifications
ISO/IEC 27001, CISSP, CISA, or other security certifications desired
Benefits
Financial security through competitive compensation and incentives