Information Security Analyst

Company Description

Cricut® makes smart cutting machines that work with an easy-to-use app, an ever-growing collection of materials, and crafting essentials to help you design and personalize almost anything — custom cards, unique apparel, everyday items, and so much more.

Let’s make.

Overview

We believe everyone is born creative. We’re a diverse tapestry of thinkers, dreamers, givers, DIYers, handi-workers, artisans, and forever and always architects of things.

At Cricut, we place the power of handmade into the hands of all. We give you beautiful, easy-to-master tools so you can make something unique, remarkable, perfect. We surround you with ideas, community, inspiration, and encouragement to take your creativity further than you ever imagined. And as a community, we celebrate the exhilarating act of making every single day.

So, make that handcrafted card that feels like a hug. Design a shirt for fun, for family, or for a full-blown business. Craft with a passion or for a purpose. Make something big and bold, itsy-bitsy, amazingly ambitious, or just plain silly. Whatever you make, just make your heart out. Because here’s the remarkable truth: When we all make together, we make all things possible.

Let’s make.

Job Description

We are seeking an experienced Information Security Analyst to join our dynamic team. The successful candidate will be responsible for protecting our organization's information assets by identifying, assessing, and mitigating security risks. The ideal candidate will have a minimum of six years of experience in information security, with a strong background in security operations, incident response, and risk management.

Key Responsibilities:

• Conduct ongoing security assessments and audits to identify vulnerabilities, weaknesses, and threats to our information systems and assets.
• Monitor security alerts and incidents, investigate security breaches or incidents, and develop response strategies to mitigate risks and minimize impact.
• Implement and manage security controls, tools, and technologies to safeguard our networks, systems, and data against unauthorized access, misuse, or destruction.
• Collaborate with cross-functional teams to develop, implement, and enforce security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Perform risk assessments and security reviews of third-party vendors, partners, and service providers to evaluate their security posture and ensure the protection of our shared resources.
• Provide security awareness training and guidance to employees on security best practices, policies, and procedures to enhance their understanding and adherence to security requirements.
• Stay informed about emerging threats, vulnerabilities, and security trends, and recommend proactive measures and controls to address potential risks and protect against future attacks.
• Participate in security incident response exercises, tabletop simulations, and post-incident reviews to continuously improve our incident response capabilities and resilience.
• Maintain documentation of security incidents, investigations, and remediation activities, and prepare reports and presentations for management and stakeholders as needed.
• Collaborate with external auditors, regulators, and compliance officers to support audits, assessments, and certifications related to information security and privacy.

Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field.
• Minimum of six years of experience in information security, with a focus on security operations, incident response, and risk management.
• Professional certifications such as Certified Ethical Hacker certification is highly desirable.
• In-depth knowledge of security principles, practices, technologies, and standards, including but not limited to network security, endpoint protection, cryptography, and access control.
• Hands-on experience with security tools and technologies, such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), firewalls, and vulnerability scanners.
• Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and communicate technical concepts to non-technical audiences.
• Proven ability to work independently, prioritize tasks, and manage multiple projects simultaneously in a fast-paced environment.

Additional Information

What to Do Next: 

Please attach your resume including links to your portfolio where applicable. If you want to show your super powers in other ways – include that information too. You can be sure that Cricut® is an employer who values individuality, equality and diversity, so tell us what you’re all about. If you are a Maker or a DIY enthusiast, whether you think you are a good one or not, we would love to hear about it when you send us your information!

At Cricut®, we celebrate inclusion and diversity. Cricut is an equal opportunity employer and makes employment decisions based on merit. Cricut prohibits discrimination based on race, color, religion, sex, sexual identity, gender identity, marital status, veteran status, nationality, citizenship, age, disability, medical condition, pregnancy, or any other unlawful consideration. All your information will be kept confidential according to EEO guidelines. Cricut participates in E-Verify.