Senior Information Security Analyst

Summary

Join Granicus as a Senior Information Security Analyst and play a key role in managing multiple audit frameworks, ensuring compliance, and strengthening our information security posture. You will lead compliance audits, manage audit runbooks, track findings, and identify control gaps. Collaborate with internal and external stakeholders to remediate risks and improve security controls. This role requires extensive experience in information security and compliance, including managing third-party audits and working with various security frameworks. Granicus offers a remote-first work environment and a supportive, inclusive culture.

Requirements

• 7+ years in information security and compliance
• Direct experience leading third party cloud security audits, such as ISO 27001, SOC 2 Type II, FedRAMP, StateRAMP, TxRAMP
• Knowledge of common security frameworks, such as NIST 800-53, ISO 27001, PCI, HIPAA, SOC 2, and/or Cyber Essentials
• Understand nuances between different audit frameworks in order to educate and support internal control owners, prepare for audits, and manage the audit process
• Experience documenting company security policies and procedures
• Strong communication skills, written and verbal
• Program management experience for multiple compliance frameworks
• Experience working with a robust product set, including software and cloud services
• Ability to work with technical teams and non-technical teams
• Familiarity with AWS, Azure, and/or GCP cloud security and infrastructure

Responsibilities

• Manage external compliance audits, including for FedRAMP, TxRAMP, ISO 27001, SOC 2, HIPAA, FISMA, CJIS, PCI, and Cyber Essentials. This includes internal audit preparation, evidence review and submission, coordinating audit schedules, and managing audit deliverables
• Centralize and manage audit runbooks, including evidence runbooks. Build audit runbooks
• Track audit findings and resolution
• Lead audit retrospections to identify improvement opportunities, address challenges, and highlight success points
• Identify and communicate control gaps, provide analysis of compliance requirements, evaluate remediation plans, and track through resolution
• Build and maintain relationships with external auditors and control owners
• Provide guidance to control owners. Work with control owners to identify opportunities to improve control implementation and scalability
• Partner with product teams and control owners; provide guidance on compliance requirements for planned changes
• Participate in change control review meetings to provide Security feedback and decisions
• Manage security projects geared towards improvement of the ISMS, compliance audits, and security resources for internal stakeholders
• Assist as security SME for support request escalations
• Respond to customer questions, including to provide customer-facing responses and maintain a security answer library
• Review and update security training content at least annually

Preferred Qualifications

Relevant security certifications are a plus, such as CISSP, CISM, CISA, CRISC, or equivalent

Benefits

• Remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand
• Employee Resource Groups to encourage diverse voices
• Coffee with Mark sessions – Our employees get to interact with our CEO on very important and sometimes difficult issues ranging from mental health to work-life balance and current affairs
• Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more