Senior GRC Security Analyst
Somerville, Massachusetts, United States
SmartBear
Testing and Development teams around the world use SmartBear's automation, development and monitoring tools to build better software and applications.
Quality isn’t just a goal. It’s the whole point.
Our customers are under a lot of pressure to deliver great software. But compressing lifecycles, adding features, and competing in a world where ‘every company is now a software company’ is hard. And one mistake can cost them their reputation, even their future. That’s why it’s our mission to help. At any part of their software development lifecycle (SDLC), we provide the tools and discipline to focus on quality while streamlining their processes. So our customers can create and deploy software that works as designed – especially when it’s needed most. And we’re looking for people to join us.
SmartBear is seeking a GRC Security Analyst who will be responsible for supporting the security direction of the business and elevating the company's security posture. In tandem with security leadership, the GRC security analyst consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the GRC security analyst monitors progress and enforces the resolution of outstanding issues that may lead to non-compliance or security threats to the business.
Essential Job Duties:
• Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
• Assist in maturing the risk management oversight for the organization, including helping to formulate an enterprise risk management committee.
• Key role in deploying and maintaining oversight of an identified GRC-related platform.
• Identify strengths and weaknesses in the security program related to privacy, security, business resiliency, and compliance frameworks.
• Document, formulate, and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
• Analyze findings, and document, recommend and report program gaps to security leadership.
• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices, and procedures.
• Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes. Maintain rigorous oversight of security systems and security configuration administration to reduce risk to the enterprise systems and accounts.
• Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.
• Work with security, audit, and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
• Act as a point of contact for disaster recovery and business continuity related to security frameworks, compliance, and privacy laws.
Skills and Experience:
• 5+ years' experience in cybersecurity as a practitioner and 2 to 3+ years of exposure to various security frameworks.
• Strong business acumen and security technology skills for well-rounded proficiency and proven ability to align with security practices and compliance responsibilities.
• Experience and understanding of various regulatory requirements, laws, and frameworks, including but not limited to PCI, ISO 27001/2, NIST CSF, GDPR, and other privacy requirements.
• Exceptional written and verbal communication skills and proven ability to translate security and risk to all levels of the business.
• Capacity to understand the legacy, progressive technology, security controls, and respective risk. Working knowledge of cloud computing, DevOps, and application security is required.
• Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management, and hardening guidelines.
• Familiarity with state, federal, and international privacy laws.
• Preferred experience with cloud environments such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.
• Prior experience with leading GRC systems from vendors such as RSA, MetricStream, and IBM.
• Demonstrated problem-solving capabilities and ability to manage complex local and international security requirements.
• Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats.
• Successful track record of managing external entities' contracts and relationships and mitigating risks to business development opportunities.
• Holds or is working toward one or more certifications, including CISSP, CISA, CISM, CRISC, CGEIT, or GRCP.
At SmartBear, we focus on your one priority that never changes: quality. We know delivering quality software over and over is complicated. So our tools are built to streamline your process while seamlessly working with the products you use – and will use. Whether it’s TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of our other tools, we span from test automation, API lifecycle, collaboration, performance testing, test management, and more. Whichever you need, they’re easy to try, easy to buy, and easy to integrate. We’re used by 15 million developers, testers, and operations engineers at 24,000+ organizations – including world-renowned innovators like Adobe, JetBlue, FedEx, and Microsoft. Wherever you’re going, we’ll help you get there. Learn more at smartbear.com, or follow us on LinkedIn, Twitter, or Facebook.
SmartBear is an equal employment opportunity employer and encourages success based on our individual merits and abilities without regard to race, color, religion, gender, national origin, ancestry, mental or physical disability, marital status, military or veteran status, citizenship status, age, sexual orientation, gender identity or expression, genetic information, medical condition, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), or any other legally protected status.