Pluralsight // developer training by experts
   Posted: Thursday, February 06, 2020

Job Description

The Opportunity

We are seeking an experienced security professional to join our Engineering team & be an integral part of developing our Information Security program. Reporting to the Head of Information Security, this person will work closely with many parts of the business, including Engineering, Legal, IT, Support, People & Places, & Finance. Their primary focus will be on assessing & communicating business risk & threats. As an Information Security Risk Analyst, you will also be involved in creating strategy & assisting with security awareness training.

Who you are:

  • You are an inquisitive, curious, critical thinker who is always looking for better ways to tackle cyber security problems

  • Persistent Problem-Solver: You know what it takes to protect the business &, as the business changes, you find ways to manage information security in a practical way

  • You are an effective communicator within the information security community & within the business

  • You use data, empathy & good judgement to approach business & people problems

  • You enjoy researching, implementing, & teaching security best practices

  • You are organized, can be flexible, leverage best practices, & most importantly, create solutions for any problem with a can-do attitude.

What you'll own:

  • Conducting, tracking, & following up on vendor risk assessments

  • Conducting quarterly company-wide risk assessments

  • Maintaining the company information security risk registry

  • Assisting with corrective action plans associated with identified risks

  • Running infrastructure-level vulnerability scans, tracking issues, & communicating associated risks

  • Assisting with the development of assessment programs & questionnaires to aid in the identification & mitigation of third party supplier security risks

  • Projecting & quantifying the potential impact of risks & communicating them in a manner that can be understood at a technical & executive level

  • Assisting with the communication & enforcement of security design, policies, procedures, solutions, & best practices

  • Assisting with the development of a threat intelligence program

  • Running the procurement & program of annual penetration tests

  • Managing bug bounty engagements & campaigns

  • Managing annual security awareness training for all company team members & ensuring 100% compliance

  • Supporting the Head of Information Security in all areas of information security

  • Conducting security research to stay on top of the latest security issues

Experience you'll need:

  • Bachelor of Science in CIS/MIS/CS/CE, Engineering/Technology or related field or equivalent experience/training.

  • 5+ years working in Risk, SaaS business or technology industry.

  • Familiarity with security & privacy standards & regulations (e.g., GDPR, SOC II, PCI, ISO 27001/2)

  • Familiarity working with Burp & Nessus vulnerability scanning tools.

  • Familiarity with security tools such as nmap, nikto, jtr, hashcat, openssl, python, etc.

  • Applicable industry certifications (e.g., CIPP/E, CRISC, CISA, CISSP, CISM etc.)

  • Experience in information security risk assessment, business impact analysis, auditing process with a focus on SaaS or technical business.

  • Excellent organization skills, excellent interpersonal skills, problem solving & innovative thinking, attention to detail, ability to work well within a team & have a helpful & positive attitude.

  • Ability to travel up to 20%, including internationally

Additional Information

All your information will be kept confidential according to EEO guidelines.
