Information Security Analyst - GRC - Remote

Overview

We are seeking a highly motivated and detail-oriented Information Security Analyst - GRC to join our growing team. This role is critical in ensuring the confidentiality, integrity, and availability of our information assets. The ideal candidate will have a strong understanding of security frameworks, risk management principles, and compliance requirements. This position will focus on Governance, Risk, and Compliance activities, including vendor risk management, policy management, security reviews, and internal audits.

In Short

• Manage and perform third-party risk assessments and annual security reviews for existing and new vendors.
• Schedule and facilitate the annual compliance tasks, such as tabletop Disaster Recovery exercise, policy reviews, internal audits.
• Conduct internal security audits and perform gap analyses to identify vulnerabilities and areas for improvement.
• Manage the lifecycle of security policies, including development, updates, approvals, and communication.
• Schedule and conduct quarterly access reviews to ensure appropriate system access privileges.
• Monitor and improve system security alerts from various platforms.
• Improve and maintain security documentation for our Trust Center.
• Assist with the completion of security-related sections of Request for Proposal (RFP) questionnaires.

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field preferred.
• 2+ years of experience in Information Security, with a focus on GRC activities.
• Strong understanding of security frameworks (e.g., NIST, ISO 27001, SOC 2) and regulatory requirements (e.g., GDPR, CPPA, HIPAA).
• Experience with vendor risk management methodologies and tools.
• Experience with policy development and management.
• Familiarity with security monitoring tools and incident response processes.
• Excellent communication, interpersonal, and organizational skills.
• Ability to work independently and as part of a team.
• Relevant certifications (e.g., CompTIA Security+, CISA, CISSP) are a plus.

Benefits

• Empowered team members solving problems proactively.
• Creative solutions and shared purpose.
• Recognition and celebration of successes.
• Commitment to an inclusive environment.
• Fair and equitable compensation practices.