2 days ago

Logo of Pax8

GRC Analyst

$76k - $76k

Pax8

RemoteUSNorth AmericaAmericas
Pax8 is the leading cloud-based technology marketplace, simplifying the cloud journey for our partners by integrating technology, business intelligence and proactive service to deliver an unparalleled experience. Serving thousands of partners through the indirect sales channel, our mission is to be the world’s favorite place to buy cloud products. We are a fast-growing, dynamic and  high-energy startup organization, allowing you to make a meaningful impact on the business. Culture is important to us, and at Pax8, it’s business, and it IS personal. We are passionate, creative and humorously offbeat. We work hard, keep it fun, and expect the best. 
 
We Elev8 each other. We Advoc8 for our partners. We Innov8 continuously. We Celebr8 life.

No matter who you are, Pax8 is a place you can call home. We know there’s no such thing as a “perfect candidate, so we don’t look for the right fit – instead, we look for the add. We encourage you to apply for a role at Pax8 even if you don’t meet 100% of the bullet points. We believe in cultivating an environment with a diversity of perspectives, in hopes that we can all thrive in an inclusive environment. 

We are only as great as our people. And we have great people all over the world. No matter where you live and work, you’re a part of the Pax8 team. This means embracing hybrid- and remote-work whenever possible.  

Position Summary:

The Security GRC Analyst is focused on ensuring Pax8’s security incident response is coordinated, documented, and messaged with key stakeholders. They oversee the delivery of an up-to-date incident response plan, execution of IR tabletop exercise, and day-to-day coordination of any security related incidents that require leadership involvement. Additionally, the Analyst supports the maturity efforts of the third-party risk management security program. Third party risk program focuses on internal supplier and vendor marketplace security risk reviews and assurance efforts.  They are a key member of the Trust and Security team, providing guidance and direction to security professionals and collaborating with other departments across the organization.

Essential Responsibilities:

  • Manage inquiries and requests related to incident response through cross-functional team coordination.
  • Oversee execution of incident response tabletop exercises.
  • Participate in security program improvements and tool selection efforts aligned with the security incident response and resilience.
  • Develop and maintain security procedures for incident management and response by defining and documenting security best practices for managing an incident management process.
  • Stay up-to-date on industry trends and best practices by continuously learning and adapting the security program to address evolving threats.
  • Collaborate with other departments by partnering with IT, engineering, legal, data management office, HR, and other departments to ensure security considerations are integrated into all business processes.
  • Measure and report on security performance by tracking key metrics (KPIs/KRIs), identifying areas for improvement, and reporting to the GRC leader and other stakeholders.
  • Collaborate on building out an improved third-party risk management program that supports risk reviews of our internal suppliers and marketplace vendors.
  • Perform risk assessments on third parties, track security risks, and promote strong compliance practices.

Ideal Skills, Experience, and Competencies:

  • At least three (3) years of experience in IT security role with incident management or response related experience.
  • Proven experience in resilience and security incident response efforts (e.g. understand asset criticality, data classification, business impact, key stakeholder engagement and strong cross-functional communications).
  • Understanding of public cloud deployments and associated security risks and controls.
  • Experience working in a Zero Trust focused security program.
  • Strong understanding of security best practices and frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, ISO 27001:2022 and SOC2 audit efforts).
  • Excellent communication, interpersonal, and leadership skills.

Recommended Education & Certifications:

  • B.A./B.S. in a related field or equivalent work experience.
  • Risk Focused Certifications such as CISA, CRISC, CISSP is a plus

Compensation:

  • Qualified candidates can expect a salary beginning at $76,000 or more depending on experience

Expected Closing Date: 09/20/24

## LI-Remote ## LI-AG1 ## BI-Remote ## DICE-A

*** Colorado law requires an estimated closing date for job postings. Please dont be discouraged from applying if you see this date has passed ***
 
*Note: Compensation is benchmarked on local Denver Metro area market rates. Qualified candidates in other locations can expect a salary package that may be adjusted based off applicable cost of wages in their respective location.
At Pax8 we believe that your Total Rewards should include a benefits package that shows how much we value our greatest assets. All FTE Pax8 people enjoy the following benefits:
  • Non-Commissioned Bonus Plans or Variable Commission
  • 401(k) plan with employer match
  • Medical, Dental & Vision Insurance
  • Employee Assistance Program
  • Employer Paid Short & Long Term Disability, Life and AD&D Insurance
  • Flexible, Open Vacation
  • Paid Sick Time Off
  • Extended Leave for Life events
  • RTD Eco Pass (For local Colorado Employees)
  • Career Development Programs
  • Stock Option Eligibility
  • Employee-led Resource Groups
 Pax8 is an EEOC Employer.
Equal Opportunities
Pax8 is an equal opportunities employer and welcome individuals who are in possession of the appropriate requirements to work within the country the role is based in. Offered individuals will be asked to undertake identity, security compliance and reference checks. Your privacy is important to us. Your data will be held in accordance with Data Privacy best practices and processed only in accordance with our recruiting processes.