Senior Information Security Analyst

Granicus

πŸ“Remote - India

Summary

Join Granicus as a Senior Information Security Analyst and play a key role in managing multiple audit frameworks, ensuring compliance, and enhancing the company's security posture. You will be responsible for managing external compliance audits, centralizing audit runbooks, tracking findings, and leading retrospections to identify improvement opportunities. This role involves identifying and communicating control gaps, collaborating with control owners, and providing guidance on compliance requirements. You will also participate in change control reviews, manage security projects, and assist as a security SME for support escalations. The ideal candidate possesses 7+ years of experience in information security and compliance, direct experience leading third-party cloud security audits, and a strong understanding of common security frameworks. Excellent communication and program management skills are essential.

Requirements

  • 7+ years in information security and compliance
  • Direct experience leading third-party cloud security audits, such as ISO 27001, SOC 2 Type II, FedRAMP, StateRAMP, TxRAMP
  • Knowledge of common security frameworks, such as NIST 800-53, ISO 27001, PCI, HIPAA, SOC 2, and/or Cyber Essentials
  • Understand nuances between different audit frameworks in order to educate and support internal control owners, prepare for audits, and manage the audit process
  • Experience documenting company security policies and procedures
  • Strong communication skills, written and verbal
  • Program management experience for multiple compliance frameworks
  • Experience working with a robust product set, including software and cloud services
  • Ability to work with technical teams and non-technical teams
  • Familiarity with AWS, Azure, and/or GCP cloud security and infrastructure
  • Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program

Responsibilities

  • Manage external compliance audits, including for FedRAMP, TxRAMP, ISO 27001, SOC 2, HIPAA, FISMA, CJIS, PCI, and Cyber Essentials. This includes internal audit preparation, evidence review and submission, coordinating audit schedules, and managing audit deliverables
  • Centralize and manage audit runbooks, including evidence runbooks. Build audit runbooks
  • Track audit findings and resolution
  • Lead audit retrospections to identify improvement opportunities, address challenges, and highlight success points
  • Identify and communicate control gaps, provide analysis of compliance requirements, evaluate remediation plans, and track through resolution
  • Build and maintain relationships with external auditors and control owners
  • Provide guidance to control owners. Work with control owners to identify opportunities to improve control implementation and scalability
  • Partner with product teams and control owners; provide guidance on compliance requirements for planned changes
  • Participate in change control review meetings to provide Security feedback and decisions
  • Manage security projects geared towards improvement of the ISMS, compliance audits, and security resources for internal stakeholders
  • Assist as security SME for support request escalations
  • Respond to customer questions, including providing customer-facing responses and maintaining a security answer library
  • Review and update security training content at least annually

Preferred Qualifications

Relevant security certifications are a plus, such as CISSP, CISM, CISA, CRISC, or equivalent

Benefits

  • We are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand
  • At Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to be a part of our journey
  • Employee Resource Groups to encourage diverse voices
  • Coffee with Mark sessions – Our employees get to interact with our CEO on very important and sometimes difficult issues ranging from mental health to work-life balance and current affairs
  • Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more
  • We bring in special guests from time to time to discuss issues that impact our employee population
