Security Risk Associate

Signifyd

We switched to a 4 day work week in January 2022 (32hrs / week)

Only considering candidates eligible to work in the USA ⚠️

The Security Risk Associate plays a vital role within Signifyd's Information Security and Compliance department, actively enhancing our robust Governance Risk and Compliance (GRC) program. Joining our team means you'll collaborate closely with the Security Risk Manager to tackle administrative security tasks and ensure our organization's security posture remains to the highest standard. Your contributions will be pivotal in maintaining and advancing our commitment to cybersecurity and providing assurance to our customers and stakeholders.

Responsibilities

As a Security Risk Associate team member, you will perform the following duties:

  • Facilitate the review and updates of security related policies and procedures;
  • Contribute to ongoing security and compliance risk and gap assessments;
  • Administer and plan security awareness training, including phishing simulations, announcements attendance, and engagement;
  • Perform ongoing and annual tasks and request fulfillments related to the Signifyd's external audits and reviews;
  • Support internal and external audits with collecting and analyzing preliminary evidence, preparing audit materials, etc;
  • Perform third-party vendor management security due diligence reviews assessing vendor risk and controls;
  • Conduct office security assessments to ensure compliance and evaluate the effectiveness of current security controls;
  • Contribute to business continuity and disaster recovery planning, assessments, and exercises;
  • Conduct regular access reviews on important systems;
  • Fulfill customer security questionnaires and complete standard information gathering (SIG) reports, while maintaining Signifyd's internal knowledge library to ensure answers remain up to date;
  • Assist in researching industry best practices, interpreting compliance requirements, and understanding their impact on Signifyd operations;
  • Assist in preparing internal reports and maintaining documentation to support compliance efforts;
  • Proactively participate in other GRC initiatives, offering insights and suggestions to enhance operational efficiency based on observations.

Qualifications

  • You must have a passion for security work;
  • Display highly organized, interpersonal, and communication soft skills;
  • Have at least 1+ years experience participating in at least one of audit type: PCI-DSS, ISO 27001, SOC2, SOX 404(b), or similar
  • Have 1-3 years of experience in a security program analyst or GRC-related role
  • Have at least 1+ years of experience conducting and responding to customer security assessments and audits
  • Ideal candidates will possess college degree and/or related professional certifications such as BS in business or information technology, CISA, CISM, CISSP, or similar
  • Familiarity with additional security frameworks, privacy regulations, and standards (such as NIST, SIG, GDPR, CCPA) is an advantage.

#LI-Remote

Benefits in our US offices:

  • Discretionary Time Off Policy (Unlimited!)
  • 401K Match
  • Stock Options
  • Annual Performance Bonus or Commissions
  • Paid Parental Leave (12 weeks)
  • On-Demand Therapy for all employees & their dependents
  • Dedicated learning budget through Learnerbly
  • Health Insurance
  • Dental Insurance
  • Vision Insurance
  • Flexible Spending Account (FSA)
  • Short Term and Long Term Disability Insurance
  • Life Insurance
  • Company Social Events
  • Signifyd Swag

We want to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.

Signifyd provides a base salary, bonus, equity and benefits to all its employees. Our posted job may span more than one career level, and offered level and salary will be determined by the applicant’s specific experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.

USA Base Salary Pay Range

$60,000—$85,000 USD

Signifyd's Applicant Privacy Notice

Signifydsignifyd.com

Optimize Revenue + Automate Orders + Eliminate Fraud

Working Week

We switched to a 4 day work week in January 2022 (32hrs / week)

  • Mon
  • Tue
  • Wed
  • Thu
  • 🏖️
    Fri

Our Vacation Policy

Our vacation policy varies by location e.g. in the USA we offer Discretionary Time Off Policy (unlimited) and in the UK we offer 20 days PTO plus public holidays. For the UK this works out as:

  • 28 days
  • 52 Fridays
  • 80 days off per year

Remote Working Policy

We have offices in San Jose, New York, Denver, Belfast, London, Sao Paulo and Mexico City. Many of us also work 100% remotely.

Company Benefits

  • Health insurance
  • 401K Match
  • Generous parental leave
  • Dentalcare
  • Equity / options
  • Equipment allowance

Desirable Skills and Experience

  • Security policies
  • Risk assessments
  • Security training
  • Audit support
  • Vendor management
  • Business continuity
  • Access reviews
  • Security questionnaires
  • Compliance research
  • Internal reports

Share this job:

Report incorrect data

Let us know if the job has expired