Senior Security Analyst

Remote (US Only)

Applications have closed

Posted 1 month ago

Inflection is looking for a strong security compliance candidate who is familiar with SOC 2 and has experience working with multiple stakeholders and departments to ensure the company and its customers are safe and their data is secure. The candidate ideally has 3-5 years of experience and has security certifications from any notable organization, i.e., CISSP, CISM, and/or CISA.

Compliance Management:

  • Manage policies and procedures around Information Security and organizational governance.
  • Create internal audits and reviews to verify processes are aligned with Inflection’s Information Security policies, procedures, and controls.
  • Identify compliance requirements around PCI-DSS and Inflection's SOC 2 Type II certification.
  • Develop scoping and test criteria for PCI-DSS, Inflection's SOC 2 certification and additional areas of compliance as Inflection's business operations expand (e.g., ISO 27001, NIST 800-53, etc.).
  • Manage and lead annual third-party audits with coordination, evidence collection, and tracking remediation items to their completion.
  • Perform user access reviews and offer guidance for best practices around user management.
  • Review current clients’, potential prospects’, and third-party contractual agreements with Legal to provide guidance, recommendations, and attest to Inflection’s ability to meet their compliance obligations.
  • Conduct risk and information security assessments for new third-party relationships and vendor renewals.
  • Improve evidence collection and automate processes where possible.
  • Respond to client and third-party security questionnaires, assessments, and SOC 2 report requests.
  • Maintain role-based access control (RBAC) templates through their creation and regular audits.
  • Develop, maintain, and help administer the security awareness training program with the Learning & Development team.
  • Manage exceptions to Inflection’s policies and procedures.
  • Facilitate new hire and employment separation process with Human Resources, Information Technology, and other relevant stakeholders.

Incident Monitoring and Response:

  • Review and respond to suspicious activity, cases, and incidents reported to the security incident response team and within the event management system.
  • Review daily security reports and monitor for abnormalities.
  • Look for patterns and ways to streamline existing functions.
  • Work with Information Technology on incident escalations where additional research is needed and offer guidance on incident management and recovery.
  • Assist in forensic activities when necessary.
  • Provide regular support for after-hours Information Security on-call rotation.
  • Assist with maintaining and testing business continuity and disaster recovery plans.

Vulnerability Management:

  • Assist with external network and application penetration tests and remediation efforts as necessary.
  • Conduct gap analysis assessments based on MITRE ATT&CK framework to identify missing areas of coverage.
  • Monitor trends, the latest security vulnerabilities, and internal vulnerability report metrics within the organization to ensure compliance obligations are met.
  • Provide impact analysis guidance as new vulnerabilities are introduced to the environment.
  • Create threat models for critical environments and determine mitigation strategies.

Risk & Fraud Operations:

  • Investigate customer payment information to intercept fraudulent transactions resulting in the use of unauthorized third-party financials or identities.
  • Conduct root-cause analysis of chargebacks and customer issues in order to provide recommendations reducing chargebacks and increasing customer satisfaction.
  • Monitor account activities in Inflection's systems for fraudulent behaviors.

Other Functions:

  • Assist in the testing and implementation of new security tools and devices.
  • Serve as a mentor and escalation point for junior team members and other relevant stakeholders.
  • Report on internal security metrics to Inflection's Senior Director of Information Technology and Executive Management.
Job tags: Audits CISA CISM CISSP Compliance Incident response ISO 27001 NIST PCI Security assessments SOC 2 Vulnerabilities Vulnerability management
Job region(s): North America Remote/Anywhere