Cybersecurity Governance Specialist

Security Analyst Role

The primary function of this role is to manage third-party and customer assessment processes, maintain our Information Security Management System (ISMS), and support security audits such as ISO 27001, SOC 2, and TISAX Lv3. Additionally, the incumbent will assist in ongoing assessments testing company security procedures, mechanisms, and controls.

This position requires a strong background in information security policies, standards, and procedures, with experience in developing and maintaining formal sets of policies, procedures, and standards according to ISO/IEC 27001:2013. The ideal candidate will also have excellent communication skills and be able to interact effectively with external parties and internal teams.

Key Responsibilities:

• Develop and maintain a formal set of Information Security policies, procedures, and standards according to ISO/IEC 27001:2013.
• Conduct annual reviews of the company's information security policies, procedures, and standards.
• Oversee and/or assist in ongoing assessments testing the company's security procedures, mechanisms, and controls.
• Serve as a liaison for the implementation of security controls derived from policies, standards, and procedures.
• Perform Vendor Security Assessment process before contracting services or applications with third parties.
• Manage Risk Assessment reviews and coordinate remediation with Data Owners.
• Support security audits such as ISO 27001, SOC 1 and SOC 2 audits, including preparing meetings, communicating with auditors and internal stakeholders, and reviewing controls and evidence accuracy.
• Assist in physical security development for company sites.
• Oversee Disaster Recovery Plan development.
• Develop Performance Indicators to evaluate security standards and controls.
• Provide training guidance and assistance in identifying, implementing, and maintaining organization privacy policies and procedures.
• Manage Customer Security Assessments by collaborating with Sales, Customer Success and Legal to review agreements with customers, respond to questionnaires, or share compliance documentation to ensure compliance with customer requirements.

Minimum Requirements:

• At least 3 years in a similar role.
• ISO/IEC 27001, CISSP, CISA, or other security certifications desired.
• Excellent communication skills.
• Jira usage knowledge.
• Spoken and written English proficiency.
• Practical experience in audit and risk assessment.
• Knowledge of Information Security and Privacy related laws and regulations in the US and EU.
• Knowledge of other information security standards beyond ISO/IEC 27001:2013 and SOC 1 and SOC 2 (e.g., NIST 800-53, CIS Controls), and regulations related to information security and data privacy (GDPR, FERPA, CCPA), including risk identification and analysis.

What We Offer:

• A challenging role in shaping the future of protecting critical applications and a career that grows as the company grows.
• A unique culture of high achievement and teamwork.
• Supportive and humble colleagues who are top problem solvers and innovators.

We protect the business applications that run the global economy. Our platform delivers vulnerability management, change assurance, and continuous compliance for business applications from leading vendors. We proudly serve hundreds of the world's leading brands, including close to 30% of the Forbes Global 100, six of the top 10 automotive companies, five of the top 10 chemical companies, four of the top 10 technology companies, and three of the top 10 oil and gas companies.