Senior GRC Security Analyst

Appfire

💵 $44k-$75k
📍Remote - Poland

Summary

Join Appfire's Information Security team as a Senior Security Analyst and contribute to the security of our rapidly growing company. You will work closely with the CISO, managing diverse governance, risk, and compliance tasks. Responsibilities include vendor risk management, compliance support (ISO 27001, SOC2, GDPR), risk identification and mitigation, and audit support. You will also participate in security awareness campaigns and evaluate GRC technologies. Appfire offers flexible remote work options from Poland, a competitive salary, and various benefits. Choose Appfire and customize your work experience.

Requirements

  • Bachelor’s Degree in Computer Science, Information Security, Engineering, related curriculum, or equivalent experience
  • 5+ years of experience working in information security risk and/or compliance roles
  • Knowledge of common Information Security frameworks such as CIS, ISO 27001 & SOC 2
  • Ability to work effectively within a fast-paced, changing environment that is going through high growth
  • A self-starter with the demonstrated ability to take initiative, who can proactively identify issues/opportunities and recommend actions
  • Strategic analysis, creative problem solving, and business judgment are required
  • Excellent interpersonal and communication skills

Responsibilities

  • Work on the coordination and facilitation of Appfire’s security governance goals and initiatives
  • Support our sales channels regarding prospect and customer security questions, assessments, and audits, including speaking to technical controls and their alternatives and appropriate risk mitigation
  • Conduct assessments related to vendor risk management and follow up on associated findings
  • Provide support and act as key stakeholder and lead of regulatory and compliance initiatives (e.g. ISO 27001, SOC2, GDPR, etc.)
  • Identify, document, and track information security policy related non-conformities and assist in developing and monitoring corrective action plans
  • Assist in identifying & tracking information security risks, assessing impact, and tracking the execution of mitigation plans
  • Assist in tracking information security risk acceptances and exceptions and monitoring the execution of remediation plans
  • Track and ensure adequate and timely resolution to all audit and risk assessment findings/issues relating to information security
  • Assist in the monitoring of business continuity (BC) and disaster recovery (DR) planning and testing
  • Develop control key performance indicators (KPI) to ensure compliance-related controls are operating to an acceptable tolerance level
  • Perform periodic compliance checks across the Appfire organization and develop and define associated metrics to allow clear visibility into Appfire governance, risk, and compliance status
  • Work on the coordination and execution of integration plans for Appfire acquisitions
  • Moderate the annual review and update of information security related policies and processes
  • Participate in and manage annual security awareness campaigns
  • Evaluate and recommend GRC related technologies and solutions for future implementation
  • Handle sensitive and/or confidential material and information with suitable discretion
  • Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position
  • Thrive in a highly collaborative workplace, and actively engage in helping create secure software applications

Preferred Qualifications

  • Prior experience with cloud-based security tools, technologies, and controls a plus (e.g., Amazon AWS, Azure, Heroku, GCP)
  • CISA, CISSP or similar security/GRC focused certifications a plus
  • You are dedicated to elevating client and co-worker experiences, knowing that exceptional work centers on serving others
  • You adapt swiftly to new business demands, understanding that change fuels collective and individual growth
  • You excel in communication, effectively connecting in remote/hybrid environments using tools like Slack, Zoom, and G Suite and through occasional in-person events
  • You have exceptional coaching, mentoring, and people development skills

Benefits

  • Salary Ranges: Perm (UoP) 14 700 - 25 000 PLN gross/month
  • Every Appfire employee is eligible for company equity
  • Home Office allowance – 200 PLN/month to cover your electricity and internet bills
  • MyBenefit Platform – 150 PLN/month to spend on shopping, culture and entertainment, Multisport, travel, and more
  • Lunch Card – 300 PLN/month to spend on groceries/restaurants (excluding alcohol and other excise duties items)
  • You can apply for a 50% tax-deductible cost on creative works (AKUP/IP tax-deductible costs)
  • Access to the Appfire University learning platform – a hub of knowledge, interactive resources, and engaging instructor-led courses designed to fuel your learning journey with unparalleled depth and accessibility
  • English language courses
  • 26 working days of paid annual leave, regardless of years of experience
  • Wellness Days – additional time off each month to recharge and take care of yourself
  • Private healthcare
  • Life Insurance
  • 3 fully paid days each year to participate in Appfire Town, Appfire’s Corporate Social Responsibility (CSR) Program
  • Indefinite Employment contract from day one, no trial periods
  • You can choose to work remotely from any location in Poland
