Salary
💰 $140,000 - $169,000 per year
About the role
- Maintain System Security Plans (SSP), including Security Concept of Operations, Risk Management Matrix, Security Control Traceability Matrix, and conduct Security Impact Analysis (SIA) on major system changes
- Develop and maintain automated Plans of Action and Milestones (POAMs)
- Contribute to the adoption and implementation of automation and use of Artificial Intelligence (AI) within Synack's Information Security operations
- Conduct internal information security audits around ISO 27001/2, SOC2, CMMC and FedRAMP security controls
- Communicate regularly with stakeholders on security compliance issues aligning to CIS and NIST standards, track mitigation/remediation tasks, and assist in generation of reports and metrics
- Manage and track remediation of identified risks and vulnerabilities and provide appropriate reporting to all interested parties
- Work collaboratively with Project Managers and Software Engineers to ensure appropriate information security policies, standards, procedures, and guidelines are incorporated across Synack hosted services and infrastructure, focusing on hardening and DevSecOps principles
- Coordinate with field teams to respond to vendor security assessments and conduct third-party risk assessments of Synack vendors
Requirements
- 8+ years of experience in IT Security Strategy, Risk Management, IT Audit and Compliance with a Cloud Service Provider
- Experience with Enterprise Governance, Risk Management, and Compliance (GRC) tools
- Experience with event monitoring and alerting tools such as Datadog, Stackdriver, and Azure Sentinel
- Experience with Cloud Native Application Protection Platforms (CNAPP)
- Experience with leveraging security tools within the Software Development Lifecycle (SDLC)
- Working knowledge of security regulations, standards, and frameworks, including but not limited to ISO27000, SOC2, GDPR, CMMC, FedRAMP, and NIST
- Excellent written and verbal communication skills with the ability to accurately communicate security and risk-related information to technical and non-technical audiences
- Must be a citizen of the United States (due to federal government contract requirements)