Senior Information Security Compliance Analyst

Arlington, Virginia, United States - Remote

ThreatConnect, Inc.


Company Background

ThreatConnect, Inc. provides cybersecurity software that reduces complexity for everyone, makes decision-making easy by turning intelligence into action, and integrates processes and technologies to continually strengthen defenses and drive down risk. Designed by analysts but built for the entire team (security leadership, risk, security operations, threat intelligence, and incident response), ThreatConnect’s decision and operational support platform is the only solution available today with cyber risk quantification, intelligence, automation, analytics, and workflows in one. To learn more, please visit www.threatconnect.com.

We offer a competitive benefits package with comprehensive insurance coverage, unlimited paid time off, and unique perks designed to help you meet your financial and personal goals.

We are committed to offering an employment experience and benefits package that enables you and your family to grow with us and to share in our success. We love to recognize our employees who have gone above and beyond, and offer incentives like quarterly awards, an employee bonus and referral program, and team-building outings.

Job Description

The Senior InfoSec Compliance Analyst is responsible for supporting ThreatConnect’s compliance program for customers, auditors, vendors, and regulatory requirements. The program aims to demonstrate compliance with the customers' security and privacy agreements, North American and European laws and regulations, and industry best practices.

About You

You think of the customer first. This is a customer-facing role that sets you as the customer advocate. You enjoy interfacing with customers and driving value.

You are collaborative. You're a team player who puts the interest of the team above your own. You display a positive attitude, are open-minded, and enjoy contributing.

You are a great communicator. You get your message across clearly to all the necessary teams and individuals within your team.

You are a quick learner. You love to build new skills and learn new subject matters. You relish the idea of applying your skills to other facets of your life outside of work.

In this role, you'll get to...

  • Support all security & privacy compliance efforts including but not limited to ISO 27001, SOC 2, and GDPR
  • Develop information security policies, standards, procedures, guidelines, and controls for multiple platforms and diverse systems environments as they pertain to compliance requirements
  • Oversee and enforce internal data security compliance policies
  • Participate in both internal and external audits
  • Provide support and knowledge in formal responses to customer requests and maintain documentation to provide risk assurance to clients
  • Conduct investigations of data security risks and provide consultation to internal and external stakeholders to mitigate risk
  • Collaborate with teams across the organization to ensure continued compliance with policies and security standards
  • Conduct vendor onboarding procedures; interface with vendors and business leads to clearly understand their risk profile
  • Develop and implement company-wide information security training and awareness programs
  • Participate in developing risk management and compliance goals for the organization
  • Contribute to the continual development and improvement of the Information Security Management System (ISMS) by raising awareness of Information Security risk and privacy compliance obligations

1-3-6-12 Month Plan

On day one, we’ll expect you to…

  • Participate in information security compliance program-related discussions
  • Review customer security and privacy requirements and help formulate responses
  • Provide expert commentary on ISO 27001 and SOC 2 standards
  • Provide best practices related to compliance policies and related operating procedures

At 3 months, we’ll expect you to…

  • Have a good understanding of ThreatConnect’s compliance posture and any gaps
  • Take complete ownership of the compliance program, day-to-day operations, and audits
  • Take complete ownership of responding to customer assessments and questions related to information security and privacy compliance

At 6 months, we’ll expect you to...

  • Be able to confidently communicate information security practices and standards
  • Develop operating procedures such as incident response, disaster recovery, and vulnerability management procedures
  • Participate in 24x7 on-call rotation for security-related events

At 12 months, we’ll expect you to...

  • Become a key InfoSec Compliance Lead accountable for security compliance
  • Interface with internal and external auditors for compliance audits
  • Partner with the Sr. Director of Security in InfoSec program strategic planning and development of short- and long-term goals

About the Team

  • This role reports to the Senior Director of Security
  • You will be working with the other IT and DevOps engineers
  • Most of the team works remotely and collaborates heavily using Slack and Google Meet working sessions

Requirements

Required Qualifications

  • Bachelor's degree, preferably in an information technology-related field
  • 4+ years of related experience in a business, compliance, security, or technology management role
  • Sound business acumen
  • Expertise with ISO 27001, SOC 2 Type 2 frameworks
  • Demonstrated security assessment, risk analysis, gap analysis, auditing, corrective action planning, and compliance assessment experience
  • Excellent negotiating skills and ability to identify solutions to auditor and customer concerns on the spot
  • Good understanding of information security concepts, security operations, and related technologies

Desired Qualifications

  • Prior experience in a SaaS-based company
  • Experience setting up new information security compliance programs
  • Experience with FedRAMP and NIST 800 series publications
  • Experience with GDPR, US, and Canadian privacy standards
  • Auditor certification

Benefits

Work-Life Balance

  • Unlimited Paid Time Off (PTO)
  • Employee recognition program with quarterly awards
  • Employee referral program
  • Military leave options available
  • Education reimbursement program for job-related college courses and professional training
  • Quarterly events with your geographic team
  • Annual company party
  • Summer Fridays

Medical

  • MEDICAL PREMIUMS FOR INDIVIDUALS AND FAMILIES ARE 100% COVERED
  • Prescription drug coverage
  • Dental coverage
  • Vision coverage
  • Company-paid short-term and long-term disability
  • Company-paid insurance and AD&D coverage
  • Pet Insurance

Financial

  • 401K retirement savings plan with company matching program up to 6%
  • Health Savings Account
  • Flexible Spending Accounts (medical, dependent care, transit and parking)
  • Cell phone stipend
  • Paid Parental Leave
  • Paid Bereavement Leave

Research shows that while men apply to jobs when they meet about 60% of job criteria, women and individuals from marginalized groups tend to apply only when they check every box. If you think you have what it takes but you’re not sure that you check every box, apply anyway!

Tags: Analytics Audits Automation Compliance DevOps FedRAMP GDPR Incident response ISMS ISO 27001 NIST Privacy Risk analysis Risk management SaaS Security assessment SOC SOC 2 Threat intelligence Vulnerability management

Perks/benefits: 401(k) matching Career development Cell phone stipend Equity Flex hours Flexible spending account Flex vacation Health care Insurance Medical leave Parental leave Salary bonus Team events Unlimited paid time off

Regions: Remote/Anywhere North America
Country: United States
