Information Security Compliance Associate
Remote in the US
Full Time Mid-level / Intermediate USD 110K - 135K
At Synack, we create technology that unleashes the best cybersecurity talent to secure our digital world.
We protect leading global organizations by reducing companies’ security risk and increasing their resistance to cyber attack. How do we do this? By utilizing the world’s best and most trusted team of ethical hackers who test through our powerful and controlled platform to deliver real security without compromise.
Backed by top-tier venture capital firms including Kleiner Perkins Caufield & Byers, Microsoft, and Google Ventures, Synack's mission is to leverage global security talent coupled with advanced technology to help enterprises discover security vulnerabilities before they become business problems. Discover the possibilities at Synack!
We are looking for a talented Information Security Compliance Associate with a foundational understanding of ISO, SOC, CMMC and FedRAMP compliance. You will work closely with the Engineering teams to ensure proper security controls and monitoring are applied. Sounds interesting? Keep reading…
Please note: This is a remote position based in the U.S. We can only hire U.S. citizens for this position due to federal government contract requirements.
Here’s what you'll do
- Develop and maintain information security documentation such as System Security Plans (SSP), Authorization Boundary Diagrams, Security Control Traceability Matrices, Security Test Procedures, and Plan of Action and Milestones (POA&M)
- Conduct internal information security audits around ISO 27001/2, SOC2, CMMC and FedRAMP security controls
- Communicate regularly with stakeholders on security compliance issues, status of remediation, and assisting in generation of reports and metrics on overall state of the program
- Working with Project Managers and Engineering Leads; Ensuring appropriate information security policies, standards, procedures, and guidelines are being incorporated across services and infrastructure
- Manage and track remediation of identified risks and vulnerabilities and provide appropriate reporting to all interested parties
- Coordinate with the field teams to respond to vendor security assessments
- Assist with Third-Party Risk Management (TPRM), compiling evidence and organizing responses
Here's what you'll need
- 3+ years of experience IT Security Strategy, Risk Management, IT Audit and Compliance with a Cloud Service Provider
- Working knowledge of security regulations, standards, and frameworks, including but not limited to ISO27000, SOC2, GDPR, CMMC, FedRAMP, and NIST
- Experience with Enterprise Governance, Risk Management, and Compliance (GRC) tools
- Experience with Security Information and Event Management (SIEM) and alerting tools such as Sentinel, Google Cloud Monitoring & Logging or Splunk
- Experience with vulnerability scanning and management tools like Prisma Cloud and Nessus.
- Understanding of how different compliance frameworks overlap and supplement each other
- Strong work ethic with the ability to think outside of the box
- Excellent written and verbal communication skills with the ability to accurately communicate security and risk-related information to technical and non-technical audiences
Ready to join us?
Synack is committed to embracing diversity. Our people are our strength. Each addition to our team is an opportunity to grow and diversify our ideas, experiences, and viewpoints. We strive to be inclusive of Race, Ethnicity, Religion, Sex, LGBTQ+, Veterans, Disabilities, and Age. Synack welcomes you!
As a candidate, Synack cares about your privacy. Please view our candidate privacy policy here.
($110,000 - $135,000 p/y) Salary is determined by a combination of factors including location, level, relevant experience, and skills. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. The compensation package for this position may also include equity, and benefits.
For more details about our benefits, please see here. Then for the Employer code, enter: synack
Tags: Audits Cloud CMMC Compliance FedRAMP GCP GDPR Governance ISO 27000 ISO 27001 Monitoring Nessus NIST POA&M Privacy Risk management Security assessment Security strategy SIEM SOC SOC 2 Splunk Strategy System Security Plan Vulnerabilities
Perks/benefits: Career development Equity
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs