This is a unique opportunity to be part of a rapidly growing tech company. The purpose of the Information Security Analyst function, in turn, is to bring the organizations information security risks under explicit management control.
· Hands-on experience to create policies, procedures, and guidelines that are relevant within the organizational Information security framework
· Identifying and communicating gaps between ThrivePass’ policies, procedures, and standards with regards to regulations.
· Monitoring compliance levels of internal and third parties using appropriate KPIs and KRIs.
· Working closely with multiple business units, including Legal,Software Development, Product Sales, and Marketing teams to assess current and potential regulatory requirements.
· Working with corporate training and development to ensure employees are knowledge about their role in our compliance program.
· Supporting the development and execution of new compliance policies and procedures as required.
· Perform real-time monitoring, security incident handling, investigation, analysis, reporting and escalations of security events from multiple log sources
· Provide analysis and trending of security events, alarms, and information from a large number of security and network devices.
· Identify and mitigate information security risk through continuous control monitoring and automation.
· Scale global regulation requirements through proactive definition of security controls and an applicable security management system to establish scope and audit requirements
· Expertise to frontend and take ownership of all internal and external audits for the organization
· Develop tools and strategies to assess the health of security controls and adherence to policy, process, and procedures requirements.
· Ensure proper documentation and rapid remediation of identified deviations.
· Develop test cases to ensure observed deviations do not reoccur.
· Lead in the completion of client security questionnaires.
· Monitor systems and networks for security issues.
· Investigate security breaches and other cybersecurity incidents.
· Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
· Document security breaches and assess the damage they cause.
· Work with the security team to perform tests and uncover network vulnerabilities.
· Fix detected vulnerabilities to maintain a high-security standard.
· Stay current on IT security trends and news.
· Perform internal penetration testing.
· Research security enhancements and make recommendations to management.
· Stay up to date on information technology trends and security standards.
· Working knowledge of common security frameworks, such as NIST, GDPR, SOC 2, HIPAA, PCI-DSS etc.
· Experience with integrating security into the software development lifecycle
· Technical understanding of cloud concepts and Microsoft Azure.
· Experience with programming/scripting languages and tools used inThrivePass like .Net, Angular, SQL etc.
· Experience with Rest API development.
· Experience with CI/CD, Docker, managing git repositories and code versioning tools (Azure DevOps, Github, Bitbucket etc.)
· Strong critical-thinking and problem-solving skills.
· Ability to collaborate and influence both company, customers(current and prospective) and third parties with regards to changes insecurity, compliance and IT posture.
· Very good process documentation skills with the ability to conceptualize processes and convert these into well-written documents.
· Experience in managing technical teams leading mid-size to large size fast moving IT, Security and Product Implementations.
Industry: SaaS technology & US benefits
Role Category: Security
Employment Type: Full-Time (Permanent)
Salary Band: Based on Skill set and Experience
Can Join us: ASAP (As Soon As Possible)
ThrivePass is committed to providing an inclusive and welcoming environment for all team members. We do not and shall not discriminate based on race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status, in any of its activities or operations.