IT / InfoSec Analyst

About the Role

This is a full-time Business Systems & Information Security Analyst role at Veracross. You will join our InfoSec & Business Systems teams which include our CISO / VP of Engineering, our VP of Business Systems, our Product and Engineering executives, our Business Systems team, our InfoSec Analysts, our Data Protection Officer, and our CFO. This position supports all Veracross' global brands.

You’ll be working in a highly collaborative environment, lending your skills and expertise to teams throughout the company. This role will have shared ownership over IT, security, & compliance projects, workflows, documentation, and audit support. This position reports to the CISO. Veracross emphasizes a “tone from the top” approach to security & compliance, with full support from the executive team for prioritizing our initiatives.

This role is dynamic and offers opportunities for growth. You’ll focus on collecting, prioritizing, and responding to Business Systems- and InfoSec-related requests from all departments. You’ll help to design & maintain a library of up-to-date, reusable, releasable documentation for our customers as well as internal content for our teams. The balance of your time will include monitoring and configuring the security of our various systems, improving our security policies, executing technical projects, and supporting audits.

The themes of this position are tooling, documentation, and automation.

Professional, measured, and experienced communication skills are more important than any other skill.

Curiosity, and a willingness to dive in and learn something new, is a close second.

You’ll be regularly interacting with a wide variety of roles in our company, from our interns through our C-suite and possibly our board.

Our team is remote-friendly, distributed, and has employees in a variety of states and several countries. Our headquarters are in Wakefield, MA. Proximity to that location is a plus, but applicants are encouraged to apply from anywhere in the United States. If you are remote, some limited travel to our offices may occur.

What to Expect

• Be a full-time member of the InfoSec & Business Systems teams and participate in their projects, meetings, and ceremonies.
• Work with teams across the organization to maintain and improve the security and compliance of our company as well as build and advance our Information Security and Business Systems roadmaps.
• Continuously improve the resiliency of our Information Security & Business Systems processes & practices.
• Continuously improve identity protection for our employees, contractors, and customers (including credential exposure & monitoring)

• Improve processes and documentation related to IT, security, and compliance.
• Be a member of the Incident Response Team.
• Collect, prioritize, and respond to InfoSec & Business Systems support requests across departments, including Sales, Marketing, Finance, and others.
• Help to maintain the official InfoSec internal knowledge base.
• Help to maintain the official Business Systems internal knowledge base.
• Monitor industry trends for security incident intelligence.
• Assist with our procurement processes including shadow IT discovery & remediation. 
• Assist with company-wide policy creation, Business Systems & InfoSec training, and education campaigns.
• Assist with Business Systems, Information Security, and Privacy initiatives, including:
• Security tool (Recorded Future, Azure Sentinel, AlertLogic)
• Compliance tools (MineOS, Panorays, CookieBot, OneTrust)
• VPN management (Perimeter81)
• Endpoint protection (Crowdstrike, JAMF, InTune)
• Email security (M365, Mimecast, Proofpoint)
• MDM & inventory control (including mobile & laptop management, patching, & updates)
• SSO management, monitoring & security (Okta)
• Compliance programs including PCI, HIPAA, SOC2, and GDPR

You’ll be a good fit if you have …

• The ability to be flexible and adaptable, both in your duties and schedule.
• Experience with Microsoft InTune, JAMF, Kaseya RMM, CrowdStrike, Mimecast, or similar technologies.
• Experience with OneTrust, MineOS, Panorays, RecordedFuture, or similar technologies. 
• Security experience in cloud environments; experience in a medium-sized SaaS model business a plus.
• Some experience with PCI, SOC2, HIPAA, and GDPR regulations.
• Some experience being on Incident Response Teams and/or on-call.
• A service- and team-oriented mindset.

Requirements

• Excellent communication skills, both written and verbal. We’ll ask for samples.
• Excellent organization and planning skills, both technical and strategic. We’ll ask for examples.
• Curiosity and willingness to learn new things.
• Proficiency & experience with security tools similar to those listed above.
• The ability to perform responsibilities remotely.
• Eligibility to work in the US. 

Benefits

• 3 weeks of vacation per year
• 14 paid holidays per year (including the week off between Christmas and New Year's Eve)
• 56 Hours of paid sick leave annually
• Top tier benefits -
• Medical, Dental & Vision (Blue Cross Blue Shield & EyeMed)
• Veracross LLC Fidelity 401(k) Plan - Managed by Sentinel Benefits

Salary at Veracross is determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience. The compensation range for this position is $85k to $95k (annualized USD) and is eligible for an annual bonus based on company performance.

We value the power of an inclusive culture and a strong sense of belonging. We seek to infuse diversity and inclusion in everything we do while promoting a culture where differences are embraced as strengths; opportunities are equal and accessible; consideration and respect are the norm; and all team members are supported in reaching their full potential.