Miami or Denver, FL 33131 US
The Security Analyst will operate risk management systems and controls to ensure the confidentiality, integrity, and availability of computer networks, systems, and applications. The Security Analyst's job requirements include, but are not limited to, managing the vendor management system, performing due diligence, and assessing internal, external, and M&A security risk.
The Security Analyst is a Cybersecurity team member and reports to the Director of IT and Security Operations. This position will work closely with the broader Technology team and key business stakeholders across all departments to support a comprehensive security program. This person will be responsible for implementing and enhancing the existing vendor management program.
This includes the distribution of initial and annual third-party due diligence and assessing vendor responses for due diligence. This role will work closely with the company's contract legal team to ensure that adequate security protections are included in vendor contracts. This role will also be responsible for M&A risk assessments.
Security Operations & Administration: 85% of typical work volume
- Perform initial and annual risk assessments, and other necessary reviews, to identify, measure, and manage third-party information security risks based on company standards, leveraging demonstrated knowledge of industry security practices, standards, laws and regulations.
- Develop security compliance processes and/or audits for third parties and external services (e.g., cloud service providers, data centers).
- Provide dedicated support to the information security risk management processes for onboarding and oversight of all new and existing third-party vendor relationships.
- Define and document new systems or interfaces and their impacts on the security posture of the
- Perform security reviews and identify gaps in security architecture.
- Review contracts, project documentation, system design documents, vendor security policies, and other vendor security references (e.g., SOC 2 Type 2, SIG, PCI ROC, etc.) to determine the extent, type, and scope of risks of the vendor relationship.
- Communicate to business units and cross-functional teams regarding significant third-party information security events and escalate to incident management, when applicable.
Security Governance, Risk & Compliance: 15% of typical work volume
- Identify and report opportunities for process improvements and solicit recommendations.
- Other duties and projects as assigned.
- Bachelor's degree in IT, Management, or Leadership related fields.
- 3 or more years of relevant supply chain management, vendor/third-party risk management, or operations experience in financial services, information technology, or a related industry.
- CISSP, CISA, CRISC or other security industry certifications.
- Functional knowledge of common information security controls, security frameworks and standards (e.g., ISO 27001, ISO 27018, SOC 1 / SSAE 16 & 18, SOC 2, NIST CSF, PCI-DSS, COBIT, CSA CCM, SIG) and ability to glean significance from findings identified in these reports and
- Strong analytical and problem-solving background; good project management skills with the ability to multitask and self-direct multiple ongoing tasks.
- Flexibility to adapt to changing assignments and ability to effectively prioritize.
- Effective written and verbal English communication at all levels.
- Demonstrated ability to operate and innovate in a small team with a fast-paced environment, balancing both strategic and tactical needs.
- Experience with managing and assessing cybersecurity controls across a broad range of
This role is to be filled outside the states of California and Colorado.