Security Analyst
Remote
Full Time Mid-level / Intermediate USD 70K - 100K
Formstack
Capture data, generate documents, and collect digital signatures with easy-to-use workflow automation software. Learn how Formstack can help you now.Who You AreWe are seeking a motivated Trust & Compliance Analyst with a solid foundation in information security and compliance frameworks to join our growing team. This role is ideal for a self-motivated individual with a technical background and a keen interest in the fields of software customer trust, compliance, and information security. The role involves analyzing, communicating, and improving our risk environment and system of controls, with a focus on alignment against key control frameworks and standards such as NIST 800-53, Trust Services Criteria, PCI-DSS 4.0, HIPAA, ISO 27017, and ISO 27701. The successful candidate will play a crucial role in reporting on control health, maturity, residual risk, and remediation status and will collaborate across teams to enhance our compliance posture.
What You Will Do
- Understand, analyze, and report on the company's risk environment, system of controls, control health, maturity, residual risk, and remediation status.
- Operate and contribute to the processes assessing alignment against key control frameworks and assurance standards, evangelizing their importance across the organization.
- Maintain and continuously improve Trust Center content to support customer self-serve enablement and contribute to the creation and update of pre-filled questionnaires.
- Facilitate and support periodic security reviews for vendors and system access, reporting on review status, deviations, and remediation efforts.
- Collaborate with internal teams to maintain effective security testing, reporting, and remediation practices, including static and dynamic security testing and network penetration testing.
- Engage in professional development opportunities, including completing specific product onboarding, security training, and certifications.
What We Are Looking For
- Proactive self-starter with a strong technical aptitude and excellent problem-solving skills.
- Exceptional written and verbal communication skills, with a keen attention to detail.
- Demonstrated ability to manage projects and tasks with minimal supervision, delivering results in a fast-paced environment.
- Strong collaborative spirit, with the ability to work effectively across various teams and departments.
- A history of self-managed results showcasing a commitment to continuous learning and improvement.
- Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent experience.
- Familiarity with security, tech, or engineering disciplines through diplomas, certifications, or relevant work experience.
- 2-4 years of experience in information security, compliance, or a related field in a healthcare SaaS environment, with a solid understanding of compliance frameworks and standards.
- Experience with Python, Bash, Ruby, or other scripting languages; familiarity with artificial intelligence, data analytics, cloud technologies, and IT operations.
- Relevant certifications (e.g., CCSK, CISM, CISA, CISSP) are highly desirable.
- An understanding of, or experience with, relevant security frameworks and standards.
- Must be fluent in written and spoken English
Bonus Points
- A strong research background or contributions to security and tech communities (e.g., meetups, online forums, publications, open source projects).
- Experience working on a software or DevOps team, including internships, co-op placements, or open-source projects.
- Any additional certifications or training relevant to information security, such as CSA CCSK Plus or Portswigger Web Security Academy Apprentice Path.
- Salary Range: $70,000 - $100,000 USD/year
- Plus a potential annual bonus of up to 5% of the salary.
- This is a target starting cash range for a candidate who meets the minimum qualifications for this role. The final cash pay for this role will depend on a variety of factors, including a specific candidate’s experience, qualifications, skills, and projected impact.
- ***This is a remote position***
What Formstack Offers for Full-Time Employees in the US and Canada:- Competitive health plans, Dental, Vision, Disability, and Life Insurance Benefits for US and Canadian full-time employees.- Monthly Health & Wellness and Technology stipends- Half-day Fridays- Unlimited PTO for all employees.- 401k & Roth w/ safe harbor match (the US and Canada)- The most up-to-date technology, including company-issued Macs, the latest software, and other tools needed to excel at your job- Company-paid conferences and extended learning opportunities- Yearly company and team gatherings
Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every qualification. Formstack is dedicated to building a diverse, inclusive, and authentic workplace. if you’re excited about this role, but your experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.
Formstack is an equal-opportunity employer. We are passionately committed to equitable hiring and boldly dedicated to diversity in our work and staff. We do not discriminate in employment opportunities or practices based on actual or perceived race, color, religion, national origin, sex (including pregnancy, childbirth, or related conditions), age, marital status, sexual orientation, gender identity or expression, veteran status, uniform service member status, disability or any other characteristic protected by law. Women, people of color, bilingual and bicultural individuals, LGBTQ+ persons, and people with disabilities are encouraged to apply.
All data collected in our application process, from resume collection to application questions, is used for recruitment purposes only. We will store it in our applicant tracking system, Lever, and will not share this data with anyone else. We will keep your data until the role is filled and only continue to store it if we feel you may fit future roles.
Tags: Analytics Artificial Intelligence Bash CISA CISM CISSP Cloud Compliance Computer Science Data Analytics DevOps HIPAA NIST NIST 800-53 Open Source Pentesting Python Ruby SaaS Scripting
Perks/benefits: 401(k) matching Career development Competitive pay Conferences Health care Insurance Salary bonus Startup environment Unlimited paid time off
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Penetration Tester jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs