Information Security Lead responsible for security posture and compliance initiatives at Earned Wealth. Collaborating across teams to enhance policies and manage risk assessments effectively.
Responsibilities
Lead and support SOC 2 Type I & II, SEC S-P, ISO 27001, and CCPA initiatives, including leading engagements with external firms and consultants as necessary.
Maintain and enhance core security and compliance policies (WISP, CDISP, Access, Privacy, Intercompany Agreements).
Inform and lead the implementation of data and other access permissions consistent with security and compliance policies in close partnership with engineering.
Develop scalable, repeatable processes to unify acquired firms into Earned’s security and compliance program.
Conduct risk assessments and maintain a shared risk register with remediation tracking.
Support identity and access governance (MFA/SSO reviews, onboarding/offboarding, quarterly access reviews).
Run vendor risk assessments for new and renewing vendors.
Manage evidence collection, asset inventory, and security compliance platforms such as Vanta or Drata.
Assist with incident documentation, timelines, and corrective actions.
Requirements
Bachelor’s degree in a relevant field
5+ years in GRC, IT audit, security operations, or compliance
Experience in organizations scaling through both organic and inorganic (M&A) growth
Familiarity with HITRUST, SOC 2, SEC S-P, NIST CSF, ITGC, and vendor risk frameworks
Experience designing and implementing scalable evidence systems, compliance workflows, metrics pipelines, and exception processes
Ability to integrate GRC systems with cloud and SaaS environments for automated evidence collection and continuous monitoring
Strong documentation, organization, and communication skills
Ability to work independently in a fast-paced, small-team environment
Benefits
An attractive total compensation package
Employer-sponsored health insurance (medical, dental, vision)
IT Security Specialist focusing on cyber defense within a family-owned company. Responsibilities include managing firewalls, monitoring threats, and implementing security solutions.
Junior Information Systems Security Engineer at AMERICAN SYSTEMS managing DoD cyber security. Collaborating on technical issues and supporting risk management framework compliance.
Information Systems Security Engineer assisting in cyber security requirements for DoD systems. Collaborating closely with customers and ensuring compliance with the DoD Risk Management Framework.
Staff Product Security Engineer driving security innovation while ensuring compliance with federal standards at DataRobot. Leading security engineering, automation, and customer engagement for federal customers.
Security staff for proSicherheit performing access controls and ensuring compliance with safety standards. Involves reporting, patrolling, and handling emergencies in the Hamburg area.
Trainee for the Protection and Security Specialist apprenticeship (Fachkraft für Schutz und Sicherheit) in Hamburg at proSicherheit GmbH. A modern security company focused on security and building trust.
Cyber Security Engineer responsible for DevSecOps and security automation at a leading Swiss IT consulting firm. Engaging in security measures across industries with a focus on collaboration and technology.
Cloud Security Architect responsible for strategic growth and development of Cloud Security solutions. Work with national clients on architecture and security concepts in Switzerland.
Information Security Manager coordinates ISMS development and security measures for Megamaris GmbH. Responsible for risk analysis and security training across 12 subsidiaries.
Security GRC Manager managing audits and compliance programs at Salesforce. Overseeing cloud security compliance and collaborating across departments for risk management.