About the Team:
It is the Security team's mission to safeguard the confidentiality, integrity, and availability of information systems, identity, and data assets. We provide proactive security expertise, creating and maintaining a resilient and secure infrastructure, and fostering a culture of security awareness and compliance throughout the organization. Security also acts as a business partner across the organization to make security a first-class citizen, and strives to work cross-functionally to secure system and network resources wh
About the role:
As an integral member of the Information Security team, reporting to the Director of Information Security, the responsibility of the GRC Analyst is to help support the day-to-day assurance operations related to policy compliance, process and security requirements governance, as well as risk management functions. You will be responsible for the collection and management of data from multiple systems to allow for proper reporting of the Information Security program effectiveness through risk analysis and trends. The ideal candidate will have knowledge of risk management, security and privacy practices and be an effective communicator, both written and verbal.
One year from now you will have:
- Worked to revamp policy and procedure docs to guide internal stakeholders and provide external stakeholders with the most pertinent knowledge of our Security posture.
- Worked with the Director of Information Security to complete our annual third party attestations, including: SOC 2 type II, HIPAA and Penetration testing.
- Worked to refine the Risk Management process with key stakeholders across the business.
- Aided in creating a more secure product for our customers.
- Built strong working relationships across the organization.
- Aid the Director of Information Security in implementing the enterprise-wide strategy and key initiatives focused on the reduction of technology risk, governance and compliance to policies and external regulatory compliance
- Work with IT and business teams to perform security and compliance assessments on new and existing systems, processes, and technology
- Collaborate to define Information Security requirements and develop / update associated policies
- Support internal and external audit processes for relevant compliance concerns
- Participate in disaster recovery and business continuity planning and exercises, as appropriate
- Tactically operate the systems for: risk register management, vendor and software risk assessments, incident-related risk logging and mitigation, data subject access request workflows and management, management for the configuration of cookie compliance, enterprise policy management, and data mapping
- Assist with the education and awareness programs to promote and foster the delivery of systems and services with security and privacy controls built-in.
- Establish and foster relationships with the various areas of the business to build rapport and be viewed as a trusted partner to help teams deliver on their commitment of compliance with security and privacy policies and regulations.
- 3-5 years of Information security, Governance, Risk and Compliance experience
- Bachelor’s degree in Information Systems, Cybersecurity or related field
- Experience in documenting Risk and Compliance activities
- Possess strong comprehension of security and risk
- Understanding of common security control frameworks, like SOC 2 type II and HIPAA
- Strong written and oral communication skills
- Knowledge and experience with Security best practices for cloud infrastructure and SaaS tooling
- Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)
- Information Security, Privacy or GRC related certifications are a plus: CRISC, CIPP, CDPSE, CISA, CISSP
- Work with a fun, inclusive, and smart team of people as we build a NYC-based enterprise software company!
- Competitive compensation package, including significant equity component
- Backed by top-tier VCs (Sequoia, Andreessen Horowitz, FirstMark Capital)
- Top notch health insurance benefits, including 12 weeks paid parental leave for both parents.
- We have officially opened a beautiful new office right on Madison Square Park! All NYC-based employees currently have the option to return to the office 3 days per week on an “opt-in” basis. We plan to officially reopen our office in the beginning of 2022.
- Check out this blog post here to learn how we designed our return to work plans.
- Work from Home stipend to optimize office set up.
ActionIQ is committed to building an inclusive, equitable, and diverse organization. We embrace equal opportunity for all applicants and seek to foster a culture of belonging for our employees. We recognize and appreciate that the more inclusive we are, the better we will function as a team. AIQ welcomes qualified applicants of any race, color, ancestry, religion, sex, national origin, gender identity, gender expression, age, marital or family status, disability, military veteran status, and any other status or background. Join us on our journey to build a product that will help our customers deliver memorable experiences that will drive loyalty and growth.