Position Summary:

The Security GRC Analyst is focused on ensuring Pax8’s security incident response is coordinated, documented, and messaged with key stakeholders. They oversee the delivery of an up-to-date incident response plan, execution of IR tabletop exercise, and day-to-day coordination of any security related incidents that require leadership involvement. Additionally, the Analyst supports the maturity efforts of the third-party risk management security program. Third party risk program focuses on internal supplier and vendor marketplace security risk reviews and assurance efforts.  They are a key member of the Trust and Security team, providing guidance and direction to security professionals and collaborating with other departments across the organization.

Essential Responsibilities:

• Manage inquiries and requests related to incident response through cross-functional team coordination.
• Oversee execution of incident response tabletop exercises.
• Participate in security program improvements and tool selection efforts aligned with the security incident response and resilience.
• Develop and maintain security procedures for incident management and response by defining and documenting security best practices for managing an incident management process.
• Stay up-to-date on industry trends and best practices by continuously learning and adapting the security program to address evolving threats.
• Collaborate with other departments by partnering with IT, engineering, legal, data management office, HR, and other departments to ensure security considerations are integrated into all business processes.
• Measure and report on security performance by tracking key metrics (KPIs/KRIs), identifying areas for improvement, and reporting to the GRC leader and other stakeholders.
• Collaborate on building out an improved third-party risk management program that supports risk reviews of our internal suppliers and marketplace vendors.
• Perform risk assessments on third parties, track security risks, and promote strong compliance practices.

Ideal Skills, Experience, and Competencies:

• At least three (3) years of experience in IT security role with incident management or response related experience.
• Proven experience in resilience and security incident response efforts (e.g. understand asset criticality, data classification, business impact, key stakeholder engagement and strong cross-functional communications).
• Understanding of public cloud deployments and associated security risks and controls.
• Experience working in a Zero Trust focused security program.
• Strong understanding of security best practices and frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, ISO 27001:2022 and SOC2 audit efforts).
• Excellent communication, interpersonal, and leadership skills.

Recommended Education & Certifications:

• B.A./B.S. in a related field or equivalent work experience.
• Risk Focused Certifications such as CISA, CRISC, CISSP is a plus

Compensation:

#LI-Remote #LI-AG1 #BI-Remote #DICE-A