We are seeking an experienced security professional to join our Engineering team & be an integral part of developing our Information Security program. Reporting to the Head of Information Security, this person will work closely with many parts of the business, including Engineering, Legal, IT, Support, People & Places, & Finance. Their primary focus will be on assessing & communicating business risk & threats. As an Information Security Risk Analyst, you will also be involved in creating strategy & assisting with security awareness training.
Who you are:
You are an inquisitive, curious, critical thinker who is always looking for better ways to tackle cyber security problems
Persistent problem-solver: you know what it takes to protect the business &, as the business changes, you find practical ways to manage information security
You are an effective communicator within the information security community & within the business
You use data, empathy & good judgement to approach business & people problems
You enjoy researching, implementing, & teaching security best practices
You are organized & flexible, you leverage best practices, & most importantly, you approach every problem with a can-do attitude.
What you'll own:
Conducting, tracking, & following up on vendor risk assessments
Conducting quarterly company-wide risk assessments
Maintaining the company information security risk registry
Assisting with corrective action plans associated with identified risks
Running infrastructure-level vulnerability scans, tracking the issues found, & communicating the associated risks
Assisting with the development of assessment programs & questionnaires to aid in the identification & mitigation of third party supplier security risks
Projecting & quantifying the potential impact of risks & communicating them in a manner that can be understood at both a technical & an executive level
Assisting with the communication & enforcement of security design, policies, procedures, solutions, & best practices
Assisting with the development of a threat intelligence program
Running the procurement & program of annual penetration tests
Managing bug bounty engagements & campaigns
Managing annual security awareness training for all company team members & ensuring 100% compliance
Supporting the Head of Information Security in all areas of information security
Conducting security research to stay on top of the latest security issues
Experience you'll need:
Bachelor of Science in CIS/MIS/CS/CE, Engineering/Technology or a related field, or equivalent experience/training.
5+ years working in risk management, SaaS, or the technology industry.
Familiarity with security & privacy standards & regulations (e.g. GDPR, SOC 2, PCI DSS, ISO 27001/27002)
Familiarity with Burp Suite (web application security testing) & Nessus (vulnerability scanning).
Familiarity with security tools such as nmap, nikto, John the Ripper (jtr), hashcat, openssl, python, etc.
Applicable industry certifications (e.g., CIPP/E, CRISC, CISA, CISSP, CISM etc.)
Experience in information security risk assessment, business impact analysis, & audit processes, with a focus on SaaS or technology businesses.
Excellent organization skills, excellent interpersonal skills, problem solving & innovative thinking, attention to detail, ability to work well within a team & have a helpful & positive attitude.
Ability to travel up to 20%, including internationally
All your information will be kept confidential according to EEO guidelines.