Information Security Analyst - GRC - code42 software
Remote, NC
About the Job
Information Security Analyst - Governance, Risk, and Compliance (GRC)
*Currently we are only considering candidates in the following locations:
- Georgia
- Michigan
- Minnesota
- Maryland
- Massachusetts
- Ohio
- New York
- North Carolina
- South Carolina
- Virginia
Who We Are:
CrashPlan® provides peace of mind through easy-to-use, automatic endpoint data backup. We help organizations recover from any worst-case scenario, whether it is a disaster, simple human error, a stolen laptop, ransomware or an as-of-yet undiscovered calamity. We continue to innovate as the landscape of work evolves, which makes CrashPlan foundational to organizations’ data security. What starts as endpoint backup and recovery becomes a solution for ransomware recovery, breaches, migrations, and legal holds.
What You Will Be Doing:
We are recruiting for an Information Security Analyst - GRC to join our team. As a key member of the CrashPlan Information Security Team, you will support the governance, risk management and compliance functions. We believe in smart security, and in this role you will look for meaningful ways to manage risk, ensure compliance, and work with teams to implement better security practices.
Key Responsibilities:
- Developing and implementing policies, procedures and controls to manage risks and ensure compliance with applicable regulations
- Conducting security and privacy risk assessments, identifying potential risks, and supporting security consulting engagements
- Monitoring compliance with regulations and industry standards (e.g. SOC 2, ISO 27001, PCI DSS, NIST SP 800-53, GDPR)
- Conducting internal audits to ensure compliance with regulations and industry standards
- Managing the compliance reporting process
- Maintaining reporting and tracking for identified information security and privacy risks and working closely with risk owners to remediate
- Executing periodic business continuity and disaster recovery testing
- Supporting external audits (e.g. SOC 2, ISO 27001): gathering and reviewing evidence and interfacing with auditors
- Prioritizing risks efficiently and appropriately; challenging assumptions and methodologies
- Developing and maintaining cross-functional partnerships, and partnering with SMEs to determine appropriate risk-based remediation strategies
What You Bring:
Required Qualifications:
- Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or related discipline and/or equivalent experience
- 3+ years professional experience in a similar role
- Knowledge of/experience working with NIST SP 800-53, SOC 2, ISO 27001, PCI DSS and/or other relevant security frameworks
- Knowledge of/experience conducting risk assessments and working with risk management frameworks, governance and policy management
- Strong analytical and problem solving skills
- Strong communication skills and a relationship focused approach
Preferred Qualifications:
- Experience with FedRAMP/StateRAMP and GDPR/privacy frameworks, including conducting risk assessments and impact analyses
- One or more information security or privacy certifications (e.g. CISSP, CISM, CIPP)
The base salary range for this position is $87,000 - $110,000. This position is eligible for an annual bonus based on individual and company performance in addition to a full range of benefits. Final compensation will be dependent on various factors relevant to the position and the candidate such as geographical location, candidate qualifications, certifications, relevant job-related work experience, education, skillset and other relevant business and organizational factors, consistent with applicable law. This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed.
Source: code42 software