Senior GRC Security Analyst

Quality isn’t just a goal. It’s the whole point.

Our customers are under a lot of pressure to deliver great software. But to compress lifecycles, add features, and compete in a world where ‘every company is now a software company’ is hard. And one mistake can mean their reputation, even future. That’s why it’s our mission to help. At any part of their software development lifecycle (SDLC), we provide the tools and discipline to focus on quality while streamlining their processes. So our customers can create and deploy software that works as designed – especially when it’s needed most. And we’re looking for people to join us.

SmartBear is seeking a GRC Security Analyst who will be responsible for supporting the security direction of the business and elevating the company's security posture. In tandem with security leadership, the GRC security analyst consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the GRC security analyst monitors progress and enforces the resolution of outstanding issues that may lead to non-compliance or security threats to the business. 

Essential Job Duties:

•    Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
•    Assist in maturing the risk management oversight for the organization, including helping to formulate an enterprise risk management committee.
•    Key role in deploying and maintaining oversight of an identified GRC-related platform.
•    Identify strengths and weaknesses in the security program related to privacy, security, business resiliency, and compliance frameworks.
•    Document, formulate, and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
•    Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
•    Analyze findings, and document, recommend and report program gaps to security leadership.
•    Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices, and procedures.
•    Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes. Maintain rigorous oversight of security systems and security configuration administration to reduce risk to the enterprise systems and accounts.
•    Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.  
•    Work with security, audit, and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
•    Act as a point of contact for disaster recovery and business continuity related to security frameworks, compliance, and privacy laws.

Skills and Experience:

•    5+ years experience in cybersecurity as a practitioner and 2 to 3+ years of exposure to various security frameworks.
•    Strong business acumen and security technology skills for well-rounded proficiency and proven ability to align with security practices and compliance responsibilities. 
•    Experience and understanding of various regulatory requirements, laws, and frameworks, including but not limited to PCI, ISO 27001/2, NIST CSF, GDPR, and other privacy requirements.
•    Exceptional written and verbal communication skills and proven ability to translate security and risk to all levels of the business.
•    Capacity to understand the legacy, progressive technology, security controls, and respective risk. Working knowledge of cloud computing, DevOps, and application security is required.
•    Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management, and hardening guidelines. 
•    Familiarity with state, federal, and international privacy laws.

Preferred Qualifications:

•    Preferred experience with cloud environments such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. 
•    Prior experience with leading GRC systems from vendors such as RSA, MetricStream, and IBM.
•    Demonstrated problem-solving capabilities and ability to manage complex local and international security requirements.
•    Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats. 
•    Successful track record of managing external entities' contracts and relationships and mitigating risks to business development opportunities.
•    Holds or is working toward one or more certifications, including CISSP, CISA, CISM, CRISC, CGEIT, or GRCP.

About SmartBear

At SmartBear, we focus on your one priority that never changes: quality. We know delivering quality software over and over is complicated. So our tools are built to streamline your process while seamlessly working with the products you use – and will use. Whether it’s TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of our other tools, we span from test automation, API lifecycle, collaboration, performance testing, test management, and more. Whichever you need, they’re easy to try, easy to buy, and easy to integrate. We’re used by 15 million developers, testers, and operations engineers at 24,000+ organizations – including world-renowned innovators like Adobe, JetBlue, FedEx, and Microsoft. Wherever you’re going, we’ll help you get there. Learn more at smartbear.com, or follow us on LinkedIn, Twitter, or Facebook.