Security Analyst

Sertifi is a leading technology company dedicated to helping businesses finalize business faster, providing a complete agreements platform for the Hospitality and Travel industry. Brands like Marriott, Topgolf, and AEG Worldwide trust Sertifi to efficiently and securely sign documents, exchange card authorizations, and complete payments with their customers. Sertifi's easy-to-use platform helps tens of thousands of businesses in more than 135 countries, with more than $5 billion in payment requests sent through the system annually. With decades of experience in Hospitality and Travel, Sertifi is building a network that gives guests and travelers across the globe a great experience from the start.

We are currently seeking a Security Analyst who can work cross-functionally demonstrating strong stakeholder engagement and communication skills, strong analytical and problem-solving skills, and the ability to respond to challenges and setbacks in an agile and resilient manner. Professional and ethical, you inspire trust and confidence through integrity and respect, and have the emotional intelligence to lead with empathy, connection, and assertiveness. Innovative and open to change, you are focused on finding opportunities for continuous improvement and ways to optimize work processes.
This role functions as a security expert in many different spaces of security; leading projects and efforts to implement or improve the existing security posture of Sertifi. In this role you will play a critical role in ensuring our organization's adherence to industry-specific and global compliance standards. We are looking for an individual who is passionate about maintaining the highest standards of security and is well-versed in various compliance frameworks such as PCI DSS, SOC 2, SOC 1, HIPAA, CCPA, GDPR, TxRamp, and Cloud Security Alliance.
This position will report to our VP of Security and Compliance.
Candidates must be based in the United States, in Chicago, or within a Sertifi approved state for remote work: 
AZ, CO, FL, GA, IA, ID, IL, IN, MA, MD, ME, MI, MO, NC, NH, NJ, OR, PA, TN, TX, VA, WI 

Throughout the interview and onboarding process, Sertifi also reserves the right to conduct independent reference checks to verify past experience and performance in addition to our standard background check and onboarding procedures. 

Challenges You’ll Tackle:

• Support all aspects of Information Security Data Privacy policies, standards, and processes as it relates to certification and compliance requirements 
• Identify and analyze new requirements for policy impacts; develop and update policies, procedures and guidelines.
• Develop and maintain risk reduction approaches, and assist and manage the intake process, provide oversight and expertise in risk assessments and process/application and third-party reviews
• Remediate control gaps as noted through internal risk assessments and external audit activities
• Owns the ongoing compliance, evidence collection, and all processes, including annual audits
• Supports vulnerability management and responds to vulnerability reports for applicability, while taking remedial actions.
• Support customer’s audit and RFP requests in a timely manner
• Identify, analyze, and interpret trends or patterns in complex data sets
• Provide security expertise and advice to other teams within the company
• Educate and build cybersecurity awareness across the enterprise

What You’ll Need to Succeed:

• 2+ years of experience in IT Security Ops and/or GRC (Governance Risk and Compliance) ops; 4+ years of experience in lieu of an advanced degree from an accredited 4-year college or university
• Experience with IT governance, risk, and compliance management
• Experience with PCI, SOC1/2 Type 2 Audits, and related processes
• Experience writing policies, procedures, and controls in one or more standards/frameworks 
• Ability to properly handle confidential data and strictly follow business process and procedures
• Excellent report writing skills, ability to prepare reports and associated metrics
• Effective communication skills, and the ability to explain security best practices to a non-technical audience
• You are collaborative and with an enterprise mindset, you speak up and welcome all input, opinions, and questions

Nice to haves:

• Jira/Confluence Workflow management and documentation
• Experience reviewing and redlining security terms in contracts
• Any ISC2 / Comp TIA / ISACA Certifications

Physical Requirements:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this Job, the employee is regularly required to sit; use hands to type, use computer, phone, cell phone and other office/home office equipment/technology. Must be able to speak, see, and hear. Must be able to remain in a stationary position for prolonged periods of time.

What’s in it for you: You will work in a collaborative environment that welcomes new ideas and allows you to make an immediate impact on the team. Additionally, we offer great benefits such as: Competitive salary, Unlimited PTO, medical/dental/vision insurance, short-term and long-term disability insurance, 401k with company match, paid parental leave, life insurance, pre-tax Transit Benefit Program.

 Sertifi is proud to be an Equal Opportunity Employer. Sertifi is committed to building a diverse team of talented individuals who bring different perspectives to the business and who feel a sense of inclusion and belonging when they join our team. All individuals seeking employment at Sertifi are considered without regards to race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, citizenship status, or any other basis forbidden under federal, state, or local law