Sr. Information Security & GRC Analyst
Raleigh, NC
Applications have closed
Who We Are:
Bandwidth (NASDAQ: BAND) is a global communications software company that helps enterprises connect people around the world with cloud-ready voice, messaging and emergency services. Backed by a network reaching 60+ countries covering 90 percent of global GDP, companies like Cisco, Google, Microsoft, RingCentral, Uber and Zoom use Bandwidth's APIs to easily embed communications into software and applications. Bandwidth has more than 20 years in the technology space and was the first Communications Platform-as-a-Service (CPaaS) provider to offer a robust selection of APIs built around our own global network. Our award-winning support teams help businesses around the world solve complex communications challenges every day.
At Bandwidth, your music matters when you are part of the BAND. We celebrate differences and encourage BANDmates to be their authentic selves. #jointheband
What We Are Looking For:
The Sr. Information Security & GRC Analyst serves primarily as the Technical Lead for administration of the ISMS/PIMS and the supporting GRC systems. This individual is required to have formal compliance audit knowledge and experience with audits for common security controls. Audit tasks include internal compliance audits and reviews of users, access, roles, privileges, and permissions across complex IT environments. This role also assists with risk management, security and privacy controls, ISMS/PIMS requirements, policies, standards, baselines, guidelines, and procedures, and assists security leadership with formal risk/gap assessments, including customer and prospect security reviews. You will actively work towards achieving and upholding the Enterprise’s Security and Privacy goals, policies and procedures for Bandwidth Inc. This role will liaise with peers in security and IT as well as across all technology departments.
What You'll Do:
- Plan, design, build, implement, and maintain the Security ISMS/PIMS system(s).
- Plan, design, build, implement, and maintain the GRC systems, tools, and apps that support the ISMS/PIMS.
- Serve as the Technical Lead for the Security ISMS/PIMS and GRC systems, tools, and apps.
- Facilitate the risk assessment process of third-party vendors (VRM Process).
- Support internal and external audits to support the Security program and overall compliance needs, including internal audits of contractual and policy controls to validate ISMS/PIMS effectiveness and compliance.
- Participate on the Security IRT as needed for Incident Management processing and support.
- Work across multiple teams to help drive reduction in risks, gaps, and non-compliances.
- Conduct internal audits to validate completeness and accuracy of the ISMS/PIMS, and security program.
- Perform user access reviews (UARs) as needed for audits and reporting on a recurring basis.
- Develop remediation/corrective actions driven by audit results for compliance within the organization.
- Assist with information security and privacy awareness training, educational material, and campaigns, and manage the related records, KPIs, and metrics.
What You Need:
- Degree in IT or Information Security discipline or other equivalent combination of education and/or sufficient work experience that is focused on IT Security, Risk Management, Data Protection or Compliance.
- Certifications are preferred and welcomed, but not required for the role.
- Minimum 3-5 years in IT/Tech-related roles; 3+ years of Information Security and audit experience preferred.
- Proficient understanding and working knowledge of common security standards and frameworks and the supporting systems and tools that are required for achieving and maintaining compliance.
- Experience operating industry-standard Infosec GRC tools and supporting systems.
- Knowledge of common cyber-security tools: GRC, SIEMs, vulnerability scanners, secops and appsec.
- Knowledge of common AWS cloud security standards including tools and supporting systems.
- Experience using Jira, Confluence, and ServiceNow.
- Understanding of IT systems, architecture, and design in line with common industry best practices.
- Strong analytical skills (logical/critical thinking) reviewing reports, spotting trends, areas of concern, etc.
- Agile flexibility to move between work streams to help accommodate changes and priorities.
- Critical thinking and a problem-solving mindset, with a propensity toward designing effective remediations.
- Familiarity with Windows, Linux, and Mac operating systems.
The Whole Person Promise:
At Bandwidth, we’re pretty proud of our corporate culture, which is rooted in our “Whole Person Promise.” We promise all employees that they can have meaningful work AND a full life, and we provide a work environment geared toward enriching your body, mind, and spirit. How do we do that? Well…
- 100% company-paid Medical, Vision, & Dental coverage for you and your family with low deductibles and low out-of-pocket expenses.
- All new hires receive four weeks of PTO.
- PTO Embargo. When you take time off (of any kind!) you’re embargoed from working. Bandmates and managers are not allowed to interrupt your PTO - not even with email.
- Additional PTO can be earned throughout the year through volunteer hours and Bandwidth challenges.
- “Mahalo moments” program grants additional time off for life’s most important moments like graduations, buying a first home, getting married, wedding anniversaries (every five years), and the birth of a grandchild.
- 90-Minute Workout Lunches and unlimited meetings with our very own nutritionist.
Are you excited about the position and its responsibilities, but not sure if you’re 100% qualified? Do you feel you can work to help us crush the mission? If you answered ‘yes’ to both of these questions, we encourage you to apply! You won’t want to miss the opportunity to be a part of the BAND.