Signify is hiring a
Security Risk Associate

Summary

Join Signifyd as a Security Risk Associate in the Information Security and Compliance department. Collaborate with the Security Risk Manager to enhance the GRC program and ensure our organization's security posture remains high. Contribute to various administrative security tasks, risk assessments, audits, vendor management, business continuity planning, and more.

Requirements

• Have a passion for security work
• Display highly organized, interpersonal, and communication soft skills
• Have at least 1+ years experience participating in at least one of audit type: PCI-DSS, ISO 27001, SOC2, SOX 404(b), or similar
• Have 1-3 years of experience in a security program analyst or GRC-related role
• Have at least 1+ years of experience conducting and responding to customer security assessments and audits

Responsibilities

• Facilitate the review and updates of security related policies and procedures
• Contribute to ongoing security and compliance risk and gap assessments
• Administer and plan security awareness training, including phishing simulations, announcements attendance, and engagement
• Perform ongoing and annual tasks and request fulfillments related to the Signifyd's external audits and reviews
• Support internal and external audits with collecting and analyzing preliminary evidence, preparing audit materials, etc
• Perform third-party vendor management security due diligence reviews assessing vendor risk and controls
• Conduct office security assessments to ensure compliance and evaluate the effectiveness of current security controls
• Contribute to business continuity and disaster recovery planning, assessments, and exercises
• Conduct regular access reviews on important systems
• Fulfill customer security questionnaires and complete standard information gathering (SIG) reports, while maintaining Signifyd's internal knowledge library to ensure answers remain up to date
• Assist in researching industry best practices, interpreting compliance requirements, and understanding their impact on Signifyd operations
• Assist in preparing internal reports and maintaining documentation to support compliance efforts
• Proactively participate in other GRC initiatives, offering insights and suggestions to enhance operational efficiency based on observations

Preferred Qualifications

• Ideal candidates will possess college degree and/or related professional certifications such as BS in business or information technology, CISA, CISM, CISSP, or similar
• Familiarity with additional security frameworks, privacy regulations, and standards (such as NIST, SIG, GDPR, CCPA) is an advantage

Benefits

• Discretionary Time Off Policy (Unlimited!)
• 401K Match
• Stock Options
• Annual Performance Bonus or Commissions
• Paid Parental Leave (12 weeks)
• On-Demand Therapy for all employees & their dependents
• Dedicated learning budget through Learnerbly
• Health Insurance
• Dental Insurance
• Vision Insurance
• Flexible Spending Account (FSA)
• Short Term and Long Term Disability Insurance
• Life Insurance
• Company Social Events
• Signifyd Swag