Do you have a strong understanding of Information Security operations and technologies? Have you built lasting relationships with business owners and vendors? We’re looking for a creative problem-solver and a self-starter with a finesse for risk management and compliance to join our Information Security team as a Sr. Security GRC Analyst.. You’ll work closely with our CISO and GRC Leader to manage diverse governance, risk and compliance security-related tasks and issues for our rapidly growing company, with a focus on people, practices, systems and metrics. You’ll be asked to keep up with the latest industry requirements and will lead iCIMS program for the identification of security risks and the associated execution of remediation and corrective action plans. This position is critical to ensuring iCIMS is following up with those steps previously agreed upon by the business. Additionally, you’ll provide audit and sales support. If you’re a highly organized, detail-oriented, risk focused, an expert communicator, and have experience with eGRC technology, let’s chat! About Us
When you join iCIMS, you join the team helping global companies transform business and the world through the power of talent. Our customers do amazing things: design rocket ships, create vaccines, deliver consumer goods globally, overnight, with a smile. As the Talent Cloud company, we empower these organizations to attract, engage, hire, and advance the right talent. We’re passionate about helping companies build a diverse, winning workforce and about building our home team. We're dedicated to fostering an inclusive, purpose-driven, and innovative work environment where everyone belongs. Responsibilities
- Collaborate with the Manager, Information Security to ensure alignment and seamless Intergrations of risk management strategies within the iCIMS security governance framework, supporting Security’s goals and initiatives.
- Support our Sales teams regarding prospect and customer security questions, assessments, and audits, including speaking to technical controls and their alternatives and appropriate risk mitigation.
- Conduct assessments related to iCIMS compliance framework and assist the business with management of associated findings & treatment plans.
- Engage in risk communication, explaining technical controls, alternative measures, and the corresponding risk mitigation strategies as employed and coordinated with iCIMS technical teams.
- Provide support and act as key stakeholder of regulatory and compliance initiatives and a variety of security frameworks.
- Participate in associated related audits to ensure risk management objectives are captured and met.
- Assist with iCIMS information security policy & procedures as related to current and future risks, non-conformities.
- Coordinate with InfoSec teams and business units on the development, and monitoring of all Security risk based corrective action plans.
- Assist in identifying & tracking information security risks, assessing their impact, and overseeing the implementation / execution of mitigation plans ensuring risk mitigation.
- Manage and track information security risk acceptances, exceptions, and the execution of remediation plans, ensuring alignment with risk management objectives.
- Ensure timely resolution for all audit and risk assessment findings/issues identified by information security, while promoting a culture of continuous improvement in risk management practices.
- As needed, support the business continuity (BC) and disaster recovery (DR) planning and testing.
- In conjunction with our Security Analyst team, develop control key performance indictors (KPI) to ensure compliance-related controls are operating to an acceptable tolerance level.
- Conduct periodic compliance checks across the iCIMS organization. Develop and define associated metrics to allow clear visibility into iCIMS governance, risk, and compliance status.
- Work with the Manager, Information Security on coordination and execution of integration plans for iCIMS acquisitions, ensuring risk management considerations are adequately addressed.
- Assist with the annual review and update of information security related policies and processes.
- Participate in and manage annual security awareness campaigns.
- Work with the Information Security Engineering teams supporting GRC for our detection/prevention systems (IDS/IPS), integrity monitoring, anti-virus/anti-malware, vulnerability management, data loss prevention (DLP), advanced persistent treat (APT), and policy compliance, as appropriate.
- Evaluate and recommend GRC related technologies and solutions for future implementation.
- Handle sensitive and/or confidential material and information with suitable discretion.
- Design and implement business integrated workflows for real time tracking and monitoring of identified risks, ensuring seamless flow of information among relevant stake holders.
- Maintain the Security Risk repository, in a shared repository with other teams, to ensure information is accurate, up to date, reportable, and consistent to the designed workflows.
- A minimum of 5 years of experience in information security risk and/or compliance roles.
- eGRC technology experience preferred
- Additional consideration with experience building out risk workflows
- Prior experience with cloud-based security tools, technologies, and controls a plus (e.g, Amazon AWS, Azure) or ability to demonstrate a wholistic understanding of risks associated with these environments.
- Demonstrate experience in assessing, identifying and managing risk for a 1,000+ (people) sized organization.
- Familiar with and able to apply generally-accepted security methods, concepts and techniques, including an understanding of networks, operating systems, cloud operations and associated technologies and services for enterprise level organizations.
- Highly developed organizational skills and attention to detail including the ability to handle multiple projects and priorities simultaneously with a high degree of professionalism and client service orientation
- Excellent communication and interpersonal skills. Articulates thoughts and ideas clearly, concisely, and persuasively including the ability to communicate security and risk-related concepts across all stakeholder groups (written and oral): Executive team, management, peers, and external customers
- Ability to work effectively within a fast paced, changing environment that is going through high growth
- Self-starter with the demonstrated ability to take initiative, and who can proactively identify issues/opportunities, take-action or when necessary, recommend actions.
- Strategic analysis/creative problem solving and business judgment are required.
- Knowledge of common Information Security governance frameworks such as Unified Control Frameworks (UCF), ISO 27001, Service Organization Control (SOC2), Control Objectives for Information and Related Technology (CoBIT), Information Technology Infrastructure Library (ITIL), National Institute of Standards and Technology (NIST), FedRAMP, and/or FFIEC preferred.
- Experience with Office365, OneTrust, Exchange, Sumologic, Alertlogic, AWS, Azure, SIEM tools, IDS, CASb, Vulnerability Management is a plus.
- Bilingual in English and French is a plus
- Bachelor’s Degree in Information Technology, Computer Science, related curriculum or equivalent experience.
- CISA, CISSP or similar security/GRC focused certifications a plus.
We celebrate diversity and are committed to creating an inclusive environment for all employees. Our approach helps us to build a winning team that represents a variety of backgrounds, perspectives, and abilities. So, regardless of how your diversity expresses itself, you can find a home here at iCIMS.
We are proud to be an equal opportunity and affirmative action employer. We prohibit discrimination and harassment of any kind based on race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, gender expression, age, veteran status, genetic information, disability, or other applicable legally protected characteristics. If you would like to request an accommodation due to a disability, please contact us at email@example.com. Compensation and Benefits
iCIMS offers the following benefits: medical insurance (employees and dependent family members), personal life insurance, 28 days of paid vacation per year, reimbursement of lifestyle expense accounts, wellness service offerings, and a Retirement Plan.