hero

Portfolio Careers

Discover opportunities to work at a NightDragon portfolio company
NightDragon
NightDragon
16
companies
161
Jobs

Information Security Analyst - GRC

Premise

Premise

IT
Washington, DC, USA
Posted on Wednesday, September 6, 2023

We all know every decision should be driven by data. But what about the data you don’t know? For years, the status quo in data aggregation has lacked visibility, moved slowly, and cost too much…leaving organizations to make critical decisions, day after day, without the whole picture. Premise changes that.

Across 138 countries and counting, our technology connects communities of global smartphone users to source actionable data in real-time, cost-effectively and with the visibility the world’s most innovative companies, governments and development organizations need.

With Premise, organizations win. And communities win, too. People can earn more from their opinions and discoveries. They can influence their cities for the better. And, unlike other data sourcing methods out there, they can do it all with full transparency that the data they’re gathering is going to an organization that values it…and values them.

Position Summary

Premise is growing, and we are looking to add expertise to our Information Security program. We are hiring an Information Security Governance, Risk, and Compliance (GRC) Analyst. You will support in growing and maturing our security program. As an InfoSec GRC Analyst, you will ensure our policies are up to date, our program meets compliance and privacy requirements, and we are on track to a more secure environment. Get to work with different teams at a tech startup as you help strengthen security controls in our infrastructure, tools, technologies, product, and processes. This is a collaborative role where you will have to work with different IT, Infrastructure, Engineering, Sales, and Administrative teams.


***This is an onsite position based out of our Washington DC office.

What You Will Do

  • Write, develop, standardize, and share Information Security policies and standards
  • Track and manage security compliance efforts like SOC 2 Type 2 and CMMC
  • Align Premise’s Information Security program to best practices (e.g., NIST CSF) and identify security initiatives for Premise
  • Support in certification, privacy, and regulatory processes to help track key requirements and manage security compliance goals (SOC 2, CMMC, GDPR, CCPA/CPRA, etc.)
  • Collaborate with technical resources in Engineering, Infrastructure, IT, and Information Security to mitigate open security risks
  • Identify, maintain, and communicate security risks in risk register, and support cyber risk management efforts
  • Support sales and legal teams by responding to security inquiries and questionnaires, and ensuring customer’s cyber-related questions are addressed
  • Track and manage security efforts like vendor security audits/reviews, access review support, security awareness training, vulnerability management, and more
  • Recommend technical and programmatic security improvements, conduct security gap assessments, and work with third parties like pen testers and auditors to address gaps and findings
  • Provide support on technology and security initiatives by gathering requirements, tracking progress, and documenting issues/risks, deliverables, and milestones

What You Bring Along

  • Bachelor/Masters degree in technical degree or equivalent work experience
  • 2+ years of experience working in Information Security or a related field
  • Ability to write, review, and standardize technical documentation, policies/standards, and assessments/questionnaires
  • Strong verbal and written communication skills
  • Effective at collaborating with cross-functional teams with competing needs and priorities
  • Excellent problem-solving and organizational skills
  • Experience in cybersecurity frameworks: NIST, ISO27001, or others
  • Proficient in collaborative Office tools (Microsoft Word, Excel, PowerPoint; Google Docs, Sheets, Slides) with ability to write well, and document and organize ideas, concepts, and plans concisely
  • Basic understanding of technology and information security topics such as, but not limited to, access management/control, asset management, endpoint security, network management/security, IaaS/PaaS/SaaS security, cloud security, data protection, security awareness, governance, risk, and compliance

Extras

  • Compliance, regulatory, and privacy expertise
  • Risk management expertise
  • Experience in GRC tools
  • Experience in audits, certifications, and privacy: SOC 2, CMMC, FedRAMP, GDPR, CCPA/CPRA
  • Experience demonstrating leadership; ability to influence, set priorities, inspire, and show accountability
  • Experience partnering closely with engineers, operations, sales, marketing, legal, and different teams
  • Interested in supporting and being hands on in technical security concepts

What You Get

  • Competitive compensation and 401k plans
  • Comprehensive medical/dental/vision coverage for you and your family
  • Access to Health Savings Accounts and Flexible Savings Accounts
  • Unlimited time off + paid holidays
  • Opportunities for equity shares
  • Dependent-care Flexible Spending Accounts, plus fertility support and coverage of $15,000
  • Commuter transit and parking subsidies
  • Daily lunch and snacks on-site