[Remote] Information Security Risk Analyst

Note: The job is a remote job and is open to candidates in USA. StackAdapt is the leading technology company that empowers marketers to reach, engage, and convert audiences with precision. As an Information Security Risk Analyst, you will help identify, assess, and manage information security risks while ensuring that security controls are effectively designed and operating in line with regulatory obligations.

Responsibilities

• Supporting the identification, assessment, and management of information security risks, including maintaining risk registers, monitoring remediation actions and following up on agreed risk treatments
• Assisting with vendor security risk assessments during onboarding and ongoing reviews
• Contributing to customer security assurance activities, such as completing security questionnaires
• Helping to coordinate StackAdapt’s centralized IT General Controls framework designed to manage security, compliance, and governance for enterprise IT systems
• Participating in the governance of recurring user access reviews (UARs) and segregation of duties (SoD) assessments for enterprise applications
• Supporting the governance of role-based access controls (RBAC) for enterprise IT applications
• Assisting with compliance activities against security frameworks and standards (e.g. SOC 2, PCI, etc.)
• Working with internal teams to gather information and evidence for risk and compliance activities
• Learning about emerging security risks, regulatory requirements, and industry best practices

Skills

• 1 to 3 years of experience in a related field
• Bachelor's degree (or higher) in cyber security, information technology, risk management, law, business, or a related discipline (or equivalent practical experience)
• Interest in information security governance, risk, and compliance (GRC)
• Understanding of information security and risk management concepts
• Awareness of security frameworks or standards (e.g., ISO 27001, NIST, SOC 2) and/or IT compliance frameworks (e.g., Sarbanes–Oxley (SOX))
• Strong attention to detail and ability to work with documentation and evidence
• Ability to work collaboratively with technical and non-technical stakeholders
• Willingness to learn and develop within an information security or GRC career path
• Experience supporting risk assessments, audits, or control testing activities
• Ability to work cross-functionally with various teams such as Internal Audit, IT Operations, Engineering, Legal and Finance
• Experience in designing, implementing, and/or managing application user access reviews, segregation of duties reviews, and/or conducting security risk assessments
• Strong communication skills, both written and verbal
• Strong organisational and time management skills, as well as an ability to meet deadlines

Benefits

• Highly competitive salary
• Retirement/ 401K/ Pension Savings globally
• Competitive Paid time off packages including birthday's off!
• Access to a comprehensive mental health care program
• Health benefits from day one of employment
• Work from home reimbursements
• Optional global WeWork membership for those who want a change from their home office and hubs in London and Toronto
• Robust training and onboarding program
• Coverage and support of personal development initiatives (conferences, courses, books etc)
• Access to StackAdapt programmatic courses and certifications to support continuous learning
• An awesome parental leave program
• A friendly, welcoming, and supportive culture
• Our social and team events!

Company Overview