Security Risk Associate
The Security Risk Associate plays a vital role within Signifyd's Information Security and Compliance department, actively enhancing our robust Governance Risk and Compliance (GRC) program. Joining our team means you'll collaborate closely with the Security Risk Manager to tackle administrative security tasks and ensure our organization's security posture remains to the highest standard. Your contributions will be pivotal in maintaining and advancing our commitment to cybersecurity and providing assurance to our customers and stakeholders.
Responsibilities
As a Security Risk Associate team member, you will perform the following duties:
Facilitate the review and updates of security related policies and procedures;
Contribute to ongoing security and compliance risk and gap assessments;
Administer and plan security awareness training, including phishing simulations, announcements attendance, and engagement;
Perform ongoing and annual tasks and request fulfillments related to the Signifyd's external audits and reviews;
Support internal and external audits with collecting and analyzing preliminary evidence, preparing audit materials, etc;
Perform third-party vendor management security due diligence reviews assessing vendor risk and controls;
Conduct office security assessments to ensure compliance and evaluate the effectiveness of current security controls;
Contribute to business continuity and disaster recovery planning, assessments, and exercises;
Conduct regular access reviews on important systems;
Fulfill customer security questionnaires and complete standard information gathering (SIG) reports, while maintaining Signifyd's internal knowledge library to ensure answers remain up to date;
Assist in researching industry best practices, interpreting compliance requirements, and understanding their impact on Signifyd operations;
Assist in preparing internal reports and maintaining documentation to support compliance efforts;
Proactively participate in other GRC initiatives, offering insights and suggestions to enhance operational efficiency based on observations.
Qualifications
You must have a passion for security work;
Display highly organized, interpersonal, and communication soft skills;
Have at least 1+ years experience participating in at least one of audit type: PCI-DSS, ISO 27001, SOC2, SOX 404(b), or similar
Have 1-3 years of experience in a security program analyst or GRC-related role
Have at least 1+ years of experience conducting and responding to customer security assessments and audits
Ideal candidates will possess college degree and/or related professional certifications such as BS in business or information technology, CISA, CISM, CISSP, or similar
Familiarity with additional security frameworks, privacy regulations, and standards (such as NIST, SIG, GDPR, CCPA) is an advantage.
#LI-Remote
Benefits in our US offices:
Discretionary Time Off Policy (Unlimited!)
401K Match
Stock Options
Annual Performance Bonus or Commissions
Paid Parental Leave (12 weeks)
On-Demand Therapy for all employees & their dependents
Dedicated learning budget through Learnerbly
Health Insurance
Dental Insurance
Vision Insurance
Flexible Spending Account (FSA)
Short Term and Long Term Disability Insurance
Life Insurance
Company Social Events
Signifyd Swag
We want to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.