Security Analyst managing security and compliance programs for fintech startup. Ensuring policies and evidence stay organized and collaborate with Head of Security for execution.
About the role
- IT Security Analyst overseeing internal audits, security assessments, and compliance for CMC’s IT operations. Engaging in risk management and policy development while collaborating with cross-functional teams.
Responsibilities
- Internal Audits: conduct and support internal IT security audits to ensure compliance with organizational controls, policies, and regulatory requirements
- Internal Audits: Provide guidance and support to IT teams in implementing security controls and mitigating risks in their respective areas
- SOX Auditing: Complete and support SOX (Sarbanes-Oxley) compliance audits, ensuring adherence to financial and IT controls. Complete (as scheduled) audit requests and activities
- SOX Auditing: Coordinate the provisioning of audit evidence during period of audit. Partner with Internal Audit and IT management teams to resolve/mitigate any findings, as needed
- SOC Reports Review: Review and assess SOC 1 and 2 reports to ensure external service providers meet security and compliance standards
- Third-Party Vendor Reviews: Conduct thorough security assessments of third-party vendors to mitigate risks associated with external partnerships
- GRC Tools: Utilize GRC tools to streamline and automate all aspects of the process. (governance, risk management, evidence collection, and compliance processes)
- Risk Management: Collaborate with cross-functional teams to establish and maintain effective risk management processes related to IT security
- Policy development and maintenance: Provide oversight in Policy design and content review for IT related policies
- Monitor and report: Maintain compliance reporting about IT Security policies, standards, and regulations. Construct metrics to explain progress to senior management and relevant stakeholders
- Participate in incident response activities, including investigating security incidents and breaches, and implementing remediation measures, as necessary
- Foster a culture of security awareness and compliance across the organization through training, awareness programs, and regular communication
Requirements
- Proven experience (2 years) in IT security governance, risk management, or related fields
- Strong understanding of IT security principles, standards, and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, GDPR)
- Experience with conducting IT security assessments, audits, and risk assessments
- Excellent analytical and critical thinking skills, with the ability to prioritize and manage multiple tasks simultaneously
- Effective communication skills, with the ability to convey complex technical information to non-technical stakeholders
- Demonstrated ability to work collaboratively in a cross-functional team environment
- Experience with IT Security/GRC tools and automation technologies
- Demonstrated ability to effectively collaborate with and influence a variety of internal stakeholders
- Strong verbal and written communication skills with the ability to create and effectively deliver information and facilitate presentations
- Able to partner with various parts of the business to identify and achieve goals
- Makes effective, fact-based business decisions and recommendations
- Recognizes problems, identifies opportunities, and suggests solutions for improvement
- Seeks opportunities for learning/growth and is open to feedback
- Able to balance tactical decisions with bigger picture
- Is results focused; set exacting standards for self and others
- Is open to and supports organizational changes
- Demonstrates commitment to focus on customer service
- Willingness and ability to make quick and effective decisions
- Vendor Relationship management
Benefits
- Day 1 Benefits Coverage with low cost Medical, Vision, Dental
- Day 1 Paid-time Off and Vacation
- 4.5% Company Match 401(k) plan
- $500 Annual Company-paid Lifestyle Benefit
- Competitive Compensation and Bonuses
- Company-paid Life and Disability Insurance
- Employee Stock Purchase Plan
- Training and Advancement Opportunities
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Specialist in PingFederate, PingDirectory and PingID for IAM infrastructure management. Collaborating with teams for stable operation and development in Cotia.
Cyber Security Analyst in the Core IP/DDoS Security team at Vodafone. Ensuring real - time threat mitigation and incident response for DDoS attacks.
Senior Security Analyst developing and implementing security strategies for logistics operations. Focus on risk assessment, staff training, and policy compliance.
Security Analyst managing vulnerability management for PostFinance. Overseeing patching and security issues to ensure system stability.
IT Security Analyst supporting the Supreme Court of Nevada in safeguarding judicial information systems. Implementing security controls, maintaining compliance, and conducting security assessments in a collaborative environment.
Information Security Analyst SME protecting information assets by designing and maintaining security policies. Ensuring compliance with security standards in a tech services company focused on digital transformation.
Vulnerability Analyst role in BGS supporting government clients. Conduct vulnerability assessments and enhance cybersecurity protocols for effective mitigation strategies.
Analyst of Information Security focusing on Governance and Project Risk Analysis in software development. Join a dynamic team collaborating on security in tech projects.
Cybersecurity Analyst responsible for protecting corporate environments and managing security incidents. Collaborating with IT teams and providing strategic security communications.