IT Security Analyst overseeing internal audits, security assessments, and compliance for CMC’s IT operations. Engaging in risk management and policy development while collaborating with cross - functional teams.
About the role
- Security Analyst managing security and compliance programs for fintech startup. Ensuring policies and evidence stay organized and collaborate with Head of Security for execution.
Responsibilities
- Triage and manage incoming security requests from entire company.
- Own and manage the full vendor security assessment lifecycle (new vendors and annual reviews).
- Own and build device management and provisioning process.
- Troubleshoot and enhance in-office IT, wifi and physical security.
- Partner with product/engineering teams to clarify which controls apply to new features, systems, or architectural changes.
- Read python code to understand vulnerabilities and help validate fixes and make small bug fixes or configuration updates when appropriate.
- Maintain organized, audit-ready repositories of policies, SOC reports, and control documentation.
- Assist with security questionnaires from enterprise customers.
- Coordinate evidence collection and organize materials for quarterly/annual audits.
- Update and refine security policies to reflect current controls and organizational practices.
- Track remediation of security findings from vulnerability scans, pentests, and audits.
Requirements
- 1-4 years of experience in GRC, security compliance, IT audit or security operations.
- Familiarity with SOC 2, PCI DSS, ISO 27001, or similar security frameworks.
- Ability to read and understand python code to validate security fixes.
- Strong organizational and documentation skills.
- Ability to own and prioritize multiple tasks open at once.
- Experience with vendor assessments, access reviews, evidence collection, or audit support.
- Comfort working with technical teams, asking clarifying questions, and escalating when need.
- Nice to have: Payments experience.
- Nice to have: Knowledge of penetration testing workflows.
- Nice to have: ability to read node.
Benefits
- 100% of Medical, Dental and Vision premium coverage for yourself and dependents.
- Enjoy regular team lunches at our San Francisco office, fostering collaboration and connection over great food.
- A fun and caring environment that prioritizes transparency, growth, and ownership.
- A talented, diverse, high-achieving, and humble team with diverse backgrounds and viewpoints.
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Specialist in PingFederate, PingDirectory and PingID for IAM infrastructure management. Collaborating with teams for stable operation and development in Cotia.
Cyber Security Analyst in the Core IP/DDoS Security team at Vodafone. Ensuring real - time threat mitigation and incident response for DDoS attacks.
Senior Security Analyst developing and implementing security strategies for logistics operations. Focus on risk assessment, staff training, and policy compliance.
Security Analyst managing vulnerability management for PostFinance. Overseeing patching and security issues to ensure system stability.
IT Security Analyst supporting the Supreme Court of Nevada in safeguarding judicial information systems. Implementing security controls, maintaining compliance, and conducting security assessments in a collaborative environment.
Information Security Analyst SME protecting information assets by designing and maintaining security policies. Ensuring compliance with security standards in a tech services company focused on digital transformation.
Vulnerability Analyst role in BGS supporting government clients. Conduct vulnerability assessments and enhance cybersecurity protocols for effective mitigation strategies.
Analyst of Information Security focusing on Governance and Project Risk Analysis in software development. Join a dynamic team collaborating on security in tech projects.
Cybersecurity Analyst responsible for protecting corporate environments and managing security incidents. Collaborating with IT teams and providing strategic security communications.