Senior Information Security & Compliance Analyst
Reef Technology is in search of an experienced Information Security and Compliance Analyst to join a growing Governance, Risk, and Compliance team. We are looking for a unique balance of skills across security, compliance, and privacy functions, including risk assessments, IT audits, incident response, business continuity planning, privacy impact assessments, data privacy compliance, and security/privacy awareness training. This is your opportunity to gain hands-on experience across security, privacy, audit, and risk management.
The Senior Information Security & Compliance Analyst is responsible for creating and/or maintaining security policies and procedures, identifying risks, and ensuring IT controls and operational processes are in place to mitigate identified risks.
Do you have what it takes?
Bachelor's degree (Masters preferred) in business administration, computer science, information technology, law or legal studies, or a related field of study, or equivalent experience.
5-7 years of audit, IT, or information/cybersecurity (or related field) experience, ideally with at least 3 years of information security audit experience.
Ability to function as a consultant to other IT groups on security matters as a recognized expert and to lead cross-functional teams in making sound risk-based decisions.
Working technical knowledge of security, as well as industry trends.
Experience in developing security policies and standards.
Experience in working with geographically distributed and culturally diverse stakeholders.
Knowledge of and experience with information security standards, rules, and regulations related to information security and data confidentiality (e.g., GDPR, CCPA).
Knowledge of industry-standard risk/control frameworks: AICPA SOC 1 or 2, ITIL, COSO, NIST, COBIT, etc.
Strong technical writing and communication skills.
Strong analytical problem solving, organizational, and project management skills.
Skilled at preparing clear, accurate and concise records and reports.
Skilled at using tact and diplomacy in dealing with sensitive situations.
One or more security certifications desired; CISA, CISSP, CRISC, or other relevant certifications are a plus.
Essential Job Functions/Duties:
Develop and implement policies, procedures, and control objectives.
Develop and implement security plans for new systems and applications.
Assist with the development and on-going management of the formal Cybersecurity Governance, Risk, and Compliance (GRC) program.
Assist with the development and on-going management of the formal Cybersecurity third-party/supplier risk program.
Mature and enhance the formal cybersecurity awareness & training program.
Participate in the evaluation and analysis of security applications and systems and make recommendations to management.
Review and create audit reports on user and system activities.
Communicate unresolved security exposures, misuse, or non-compliance situations to management.
Participate in and coordinate with business unit stakeholders on security-related audits.
Work with stakeholders to ensure policies and procedures are implemented and followed; provide regular feedback to team and management.
Work with Legal and Procurement to provide guidance and technical security expertise for contractual language needs and requirements.
Other duties as assigned by supervisor.
Unique opportunity to be part of an early-stage and fast-growing startup driving disruption in the food-tech space
Work with a smart, dedicated, and passionate team in a vibrant culture
Competitive compensation and benefits