Senior Security Analyst
Remote (US Only)
Posted 1 month ago
Inflection is looking for a strong security compliance candidate who is familiar with SOC 2 and has experience working with multiple stakeholders and departments to ensure the company and its customers are safe and their data is secure. The candidate ideally has 3-5 years of experience and holds security certifications from any notable organization, i.e., CISSP, CISM, and/or CISA.
- Manage policies and procedures around Information Security and organizational governance.
- Create internal audits and reviews to verify processes are aligned with Inflection’s Information Security policies, procedures, and controls.
- Identify compliance requirements around PCI-DSS and Inflection's SOC 2 Type II certification.
- Develop scoping and test criteria for PCI-DSS, Inflection's SOC 2 certification and additional areas of compliance as Inflection's business operations expand (e.g., ISO 27001, NIST 800-53, etc.).
- Manage and lead annual third-party audits with coordination, evidence collection, and tracking remediation items to their completion.
- Perform user access reviews and offer guidance for best practices around user management.
- Review current clients’, potential prospects’, and third-party contractual agreements with Legal to provide guidance, recommendations, and attest to Inflection’s ability to meet their compliance obligations.
- Conduct risk and information security assessments for new third-party relationships and vendor renewals.
- Improve evidence collection and automate processes where possible.
- Respond to client and third-party security questionnaires, assessments, and SOC 2 report requests.
- Maintain role-based access control (RBAC) templates through their creation and regular audits.
- Develop, maintain, and help administer the security awareness training program with the Learning & Development team.
- Manage exceptions to Inflection’s policies and procedures.
- Facilitate new hire and employment separation process with Human Resources, Information Technology, and other relevant stakeholders.
Incident Monitoring and Response:
- Review and respond to suspicious activity, cases, and incidents reported to the security incident response team and within the event management system.
- Review daily security reports and monitor for abnormalities.
- Look for patterns and ways to streamline existing functions.
- Work with Information Technology on incident escalations where additional research is needed and offer guidance on incident management and recovery.
- Assist in forensic activities when necessary.
- Provide regular support for after-hours Information Security on-call rotation.
- Assist with maintaining and testing business continuity and disaster recovery plans.
- Assist with external network and application penetration tests and remediation efforts as necessary.
- Conduct gap analysis assessments based on MITRE ATT&CK framework to identify missing areas of coverage.
- Monitor trends, the latest security vulnerabilities, and internal vulnerability report metrics within the organization to ensure compliance obligations are met.
- Provide impact analysis guidance as new vulnerabilities are introduced to the environment.
- Create threat models for critical environments and determine mitigation strategies.
Risk & Fraud Operations:
- Investigate customer payment information to intercept fraudulent transactions resulting in the use of unauthorized third-party financials or identities.
- Conduct root-cause analysis of chargebacks and customer issues in order to provide recommendations that reduce chargebacks and increase customer satisfaction.
- Monitor account activities in Inflection's systems for fraudulent behaviors.
- Assist in the testing and implementation of new security tools and devices.
- Serve as a mentor and escalation point for junior team members and other relevant stakeholders.
- Report on internal security metrics to Inflection's Senior Director of Information Technology and Executive Management.
Job tags: Audits CISA CISM CISSP Compliance Incident response ISO 27001 NIST PCI Security assessments SOC 2 Vulnerabilities Vulnerability management
Job region(s): North America Remote/Anywhere