About the Role
The Sr. Security Analyst is the cornerstone of Validity's information security compliance and governance efforts. Working under the Sr. Director, Security and Privacy, the Sr. Security Analyst will help set and maintain security standards, organize company-wide education and awareness, manage incident response and disaster recovery/business continuity programs and activities, and work to extend ISO 27001 certification and SOC 2 Type 2 assessments across the company's brands.
Essential Position Duties and Responsibilities
Coordinate and conduct internal security audits in alignment with ISO 27001/27018 and SOC 2 standards and principles.
Organize and manage Validity's external SOC 2 and ISO 27001/27018 assessments.
Conduct third-party/supplier audits and client RFP/due diligence reviews, and organize third-party vulnerability assessments/penetration tests.
Design and implement systems and processes to track, monitor, and report compliance with information security policies and procedures as well as security program performance.
Collaborate with upper management and key stakeholders on information security program development, maintenance, and enforcement to minimize Validity's risk exposure through security by design.
Act on KPI results to make continuous security program improvements.
Keep abreast of changes to security industry best practices, applicable laws, and security alerts from relevant vendors and sources (e.g., US-CERT).
Work with stakeholders to define and refine Validity's security policies and procedures to enable a proactive security approach.
Coordinate investigation and reporting of security incidents.
Coordinate and conduct regular incident response tabletop activities.
Responsible for the company security awareness program which includes:
Evaluating mandatory security training content and ensuring it aligns with appropriate frameworks, company policies, and culture; ensuring compliance with completion timelines
Vendor selection (if applicable)
Spreading security awareness through tech talks, lunch and learns, regular communications to the company, community/industry involvement, and specialized training.
Serve as subject matter expert (SME) to internal and external customers by providing expertise, advice, and support on security-related inquiries and incidents.
Have a thorough understanding of Validity's products and services to identify where new compliance and security efforts could minimize operational risk.
Recommend and evaluate third-party technology and/or services to enhance Validity's security.
Assist in the implementation, adoption, and support of technology as needed.
Investigate alerts and analyze data from monitoring tools to identify and mitigate malicious activity.
Participate in 24/7 incident response on-call rotation.
Minimum 5 years of work experience in an information security-based role
Experience with fraud and abuse investigations and incident response
Security-related certifications (e.g., CompTIA Security+, CISSP, CISM, CEH)
Ability to maintain professional, positive demeanor in high-pressure circumstances
Ability to look creatively at the big picture, to follow trends beyond obvious attributes
Collaborative mindset - a track record of cross-functional success in a team environment
Experience with risk assessment, controls identification and testing, and/or state/federal regulatory audits
Knowledge of and experience with ISO 27001/SOC 2 frameworks
Familiarity with Unix/Linux environments and basic working knowledge of security testing tools (Kali Linux, nmap, Nessus, Burp Suite)
Ability to manage multiple projects/issues concurrently
Excellent written and verbal communication skills