Security Analyst

Validity
Boston, MA
8d
$75,000 - $85,000

About The Position

Working under the Compliance Manager, the Security Analyst is a key member of Validity's Security team. With a focus on information security knowledge and experience, the Security and Compliance Analyst will assist the team in maintaining Validity's industry compliance certifications and audit requirements, assisting with the sales support process, and reviewing & following up on logs and alerts from the SIEM solution. Efforts will include strengthening security and compliance standards, continuously maintaining the established ISO 27001/27701 certification and SOC 2 programs, and participating in supporting sales-focused due diligence engagements for customers and prospects.

Requirements

  • Minimum 2 years of work experience in an information security or compliance-based role
  • Experience participating in SOC 2, ISO 27001, or equivalent audits
  • Experience processing due diligence and RFP documentation and questionnaires
  • 1+ years knowledge of AWS and Azure Cloud
  • 2+ years experience with Incident Response
  • Familiarity with vulnerability management program methodologies
  • Experience with security related technology and tool sets
  • Excellent written and verbal communication skills
  • Ability to maintain professional, positive demeanor in high-pressure circumstances
  • Ability to look creatively at the big picture, to follow trends beyond obvious attributes
  • Collaborative mindset - a track record of cross-functional success in a team environment
  • Manage multiple projects/issues concurrently

Responsibilities

  • Gather evidence to support Validity's external SOC 2 and ISO 27001/27701 assessments and customer audits
  • Support the sales process by fielding due diligence requests, completing questionnaires, and redlining security addendum documents as needed
  • Working with engineering teams, maintain vulnerability management dashboards from various security tool sources (Tenable, AWS, Snyk)
  • Gain a thorough understanding of Validity's products and services to identify where new compliance and security efforts could minimize operational risk
  • Monitor and respond to alerts generated by the Security Information and Event Management (SIEM) system
  • Collaborate with management and key stakeholders on information security and compliance program development, maintenance, and enforcement to minimize Validity's risk exposure
  • Support KPI collection and reporting results to make continuous compliance program improvements
  • Support design and implementation of systems and processes to track, monitor, and report compliance with information security and compliance policies and procedures as well as program performance
  • Collaborate on critical security, compliance, and IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle
  • Conduct internal user access, phish training tracking, and other compliance related reviews throughout the year

Benefits

  • benefits
  • bonus opportunities
  • stock options