GRC Analyst
Pax8
2 days ago
No matter who you are, Pax8 is a place you can call home. We know there’s no such thing as a “perfect candidate, so we don’t look for the right fit – instead, we look for the add. We encourage you to apply for a role at Pax8 even if you don’t meet 100% of the bullet points. We believe in cultivating an environment with a diversity of perspectives, in hopes that we can all thrive in an inclusive environment.
We are only as great as our people. And we have great people all over the world. No matter where you live and work, you’re a part of the Pax8 team. This means embracing hybrid- and remote-work whenever possible.
Position Summary:
The Security GRC Analyst is focused on ensuring Pax8’s security incident response is coordinated, documented, and messaged with key stakeholders. They oversee the delivery of an up-to-date incident response plan, execution of IR tabletop exercise, and day-to-day coordination of any security related incidents that require leadership involvement. Additionally, the Analyst supports the maturity efforts of the third-party risk management security program. Third party risk program focuses on internal supplier and vendor marketplace security risk reviews and assurance efforts. They are a key member of the Trust and Security team, providing guidance and direction to security professionals and collaborating with other departments across the organization.
Essential Responsibilities:
- Manage inquiries and requests related to incident response through cross-functional team coordination.
- Oversee execution of incident response tabletop exercises.
- Participate in security program improvements and tool selection efforts aligned with the security incident response and resilience.
- Develop and maintain security procedures for incident management and response by defining and documenting security best practices for managing an incident management process.
- Stay up-to-date on industry trends and best practices by continuously learning and adapting the security program to address evolving threats.
- Collaborate with other departments by partnering with IT, engineering, legal, data management office, HR, and other departments to ensure security considerations are integrated into all business processes.
- Measure and report on security performance by tracking key metrics (KPIs/KRIs), identifying areas for improvement, and reporting to the GRC leader and other stakeholders.
- Collaborate on building out an improved third-party risk management program that supports risk reviews of our internal suppliers and marketplace vendors.
- Perform risk assessments on third parties, track security risks, and promote strong compliance practices.
Ideal Skills, Experience, and Competencies:
- At least three (3) years of experience in IT security role with incident management or response related experience.
- Proven experience in resilience and security incident response efforts (e.g. understand asset criticality, data classification, business impact, key stakeholder engagement and strong cross-functional communications).
- Understanding of public cloud deployments and associated security risks and controls.
- Experience working in a Zero Trust focused security program.
- Strong understanding of security best practices and frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, ISO 27001:2022 and SOC2 audit efforts).
- Excellent communication, interpersonal, and leadership skills.
Recommended Education & Certifications:
- B.A./B.S. in a related field or equivalent work experience.
- Risk Focused Certifications such as CISA, CRISC, CISSP is a plus
Compensation:
- Qualified candidates can expect a salary beginning at $76,000 or more depending on experience
Expected Closing Date: 09/20/24
## LI-Remote ## LI-AG1 ## BI-Remote ## DICE-A
- Non-Commissioned Bonus Plans or Variable Commission
- 401(k) plan with employer match
- Medical, Dental & Vision Insurance
- Employee Assistance Program
- Employer Paid Short & Long Term Disability, Life and AD&D Insurance
- Flexible, Open Vacation
- Paid Sick Time Off
- Extended Leave for Life events
- RTD Eco Pass (For local Colorado Employees)
- Career Development Programs
- Stock Option Eligibility
- Employee-led Resource Groups