Information Security Compliance Associate

March 28

Synack, Inc.

The Premier Security Testing Platform.

Security Testing • Cybersecurity • Penetration Testing • Vulnerability Management

201 - 500

Description

• Develop and maintain information security documentation such as System Security Plans (SSP), Authorization Boundary Diagrams, Security Control Traceability Matrices, Security Test Procedures, and Plan of Action and Milestones (POA&M)
• Conduct internal information security audits around ISO 27001/2, SOC2, CMMC and FedRAMP security controls
• Communicate regularly with stakeholders on security compliance issues and status of remediation, and assist in generating reports and metrics on the overall state of the program
• Work with Project Managers and Engineering Leads to ensure appropriate information security policies, standards, procedures, and guidelines are incorporated across services and infrastructure
• Manage and track remediation of identified risks and vulnerabilities and provide appropriate reporting to all interested parties
• Coordinate with the field teams to respond to vendor security assessments
• Assist with Third-Party Risk Management (TPRM), compiling evidence and organizing responses

Requirements

• 3+ years of experience in IT Security Strategy, Risk Management, IT Audit and Compliance with a Cloud Service Provider
• Working knowledge of security regulations, standards, and frameworks, including but not limited to ISO27000, SOC2, GDPR, CMMC, FedRAMP, and NIST
• Experience with Enterprise Governance, Risk Management, and Compliance (GRC) tools
• Experience with Security Information and Event Management (SIEM) and alerting tools such as Sentinel, Google Cloud Monitoring & Logging or Splunk
• Experience with vulnerability scanning and management tools like Prisma Cloud and Nessus
• Understanding of how different compliance frameworks overlap and supplement each other
• Strong work ethic with the ability to think outside of the box
• Excellent written and verbal communication skills with the ability to accurately communicate security and risk-related information to technical and non-technical audiences

Benefits

• Salary range: $110,000 - $135,000 per year
• Compensation package may include equity and benefits
• More details about benefits can be found at https://synack.mybenefits.life (Employer code: synack)
