Security Risk Associate

The Security Risk Associate plays a vital role within Signifyd's Information Security and Compliance department, actively enhancing our robust Governance Risk and Compliance (GRC) program. Joining our team means you'll collaborate closely with the Security Risk Manager to tackle administrative security tasks and ensure our organization's security posture remains to the highest standard. Your contributions will be pivotal in maintaining and advancing our commitment to cybersecurity and providing assurance to our customers and stakeholders.

Responsibilities

As a Security Risk Associate team member, you will perform the following duties:

• Facilitate the review and updates of security related policies and procedures;

• Contribute to ongoing security and compliance risk and gap assessments;

• Administer and plan security awareness training, including phishing simulations, announcements attendance, and engagement;

• Perform ongoing and annual tasks and request fulfillments related to the Signifyd's external audits and reviews;

• Support internal and external audits with collecting and analyzing preliminary evidence, preparing audit materials, etc;

• Perform third-party vendor management security due diligence reviews assessing vendor risk and controls;

• Conduct office security assessments to ensure compliance and evaluate the effectiveness of current security controls;

• Contribute to business continuity and disaster recovery planning, assessments, and exercises;

• Conduct regular access reviews on important systems;

• Fulfill customer security questionnaires and complete standard information gathering (SIG) reports, while maintaining Signifyd's internal knowledge library to ensure answers remain up to date;

• Assist in researching industry best practices, interpreting compliance requirements, and understanding their impact on Signifyd operations;

• Assist in preparing internal reports and maintaining documentation to support compliance efforts;

• Proactively participate in other GRC initiatives, offering insights and suggestions to enhance operational efficiency based on observations.

Qualifications

• You must have a passion for security work;

• Display highly organized, interpersonal, and communication soft skills;

• Have at least 1+ years experience participating in at least one of audit type: PCI-DSS, ISO 27001, SOC2, SOX 404(b), or similar

• Have 1-3 years of experience in a security program analyst or GRC-related role

• Have at least 1+ years of experience conducting and responding to customer security assessments and audits

• Ideal candidates will possess college degree and/or related professional certifications such as BS in business or information technology, CISA, CISM, CISSP, or similar

• Familiarity with additional security frameworks, privacy regulations, and standards (such as NIST, SIG, GDPR, CCPA) is an advantage.

#LI-Remote

Benefits in our US offices:

• Discretionary Time Off Policy (Unlimited!)

• 401K Match

• Stock Options

• Annual Performance Bonus or Commissions

• Paid Parental Leave (12 weeks)

• On-Demand Therapy for all employees & their dependents

• Dedicated learning budget through Learnerbly

• Health Insurance

• Dental Insurance

• Vision Insurance

• Flexible Spending Account (FSA)

• Short Term and Long Term Disability Insurance

• Life Insurance

• Company Social Events

• Signifyd Swag

We want to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.