Job Description
TheGuarantors is a cutting-edge fintech company setting the standard in rent coverage with unrivaled insurance products and a deep understanding of owner, operator, and renter needs. We believe renters deserve better access to the home of their dreams and operators deserve greater protection and growth opportunities. That’s why we’re leveraging our expertise in real estate and using AI-based technology to help operators qualify renters faster while mitigating the risk of rental income loss. With $2B+ in rent and deposits guaranteed, we have been named one of Inc. 5000’s fastest-growing companies, one of Forbes’ Best Startup Employees, and one of Deloitte’s 2022 Technology Fast 500.
Responsibilities
- The Security GRC Senior Analyst will report to the CISO
- As a Security GRC Senior Analyst in the Infrastructure and Security department, you will be responsible for developing and implementing internal policies, procedures, and controls to manage risks and ensure compliance with industry standards and regulations
- You will play a key role in overseeing security audit and governance management, conducting risk assessments, and identifying potential risks
- This position will focus on collaboration with the broader IT, Infrastructure, and Site Reliability teams, the Legal team, senior management, internal and external auditors, and regulators
- Support security operations processes, such as ensuring that strong processes are implemented and followed for resolving vulnerabilities and CVEs, and responding to security incidents
- Facilitate governance and track remediation for vulnerabilities and deficiencies and establish and implement resolutions based on risk impact and criticality
- Effectively communicate program execution status, key accomplishments, and risks to senior management both within Security and to our business partners
- Support customer inquiries and discussions, creating clarity, transparency, and confidence in TheGuarantors’ security and compliance posture, especially with respect to security questionnaires TG must execute
- Assess compliance with the CSA CAIQ and provide directives to teams in order to remediate effectively where necessary
- Monitor regulatory changes and impacts to the firm’s security program to maintain good standing
- Manage mitigation of identified compliance risks and issues
- Assist in overseeing Risk Assessments pertaining to Security and Identity domains
- Work with Security, Infrastructure, and Application teams to perform risk assessments, update risk register, and obtain and challenge evidence related to Cyber Security Audits and Regulatory Inquiries
- Interface with senior management, auditors, regulators, penetration testers, and other stakeholders to communicate Security Program performance
- Write, review and challenge security policies, standards and procedures across the company to support business, strategic, security and regulatory needs
- Review, negotiate, and redline contracts, including Data Protection Agreements (DPAs), with third-party vendors, partners, and customers to ensure data privacy and protection
- Create and update reports and presentations for senior management, board members, regulators, and other individuals as needed
- Assist in setting direction and prioritization for the Security and Identity roadmap and strategy
- Manage third-party vendors and platforms (e.g. Vanta) for various projects or services to ensure compliance
- Work with vendors and colleagues to assess different technologies and determine their impact on security
- Manage and own the vendor procurement process, performing Security reviews of all pertinent information related to an existing or new vendor
- Troubleshoot security issues and assist with security incident responses and forensic investigations as needed
Requirements
- 6+ years of related security governance, risk, and compliance experience or equivalent security experience
- Ability to work and remain resilient in a fast-paced and constantly evolving and changing startup environment
- Strong technical background with a good understanding of security concepts and practical usage in Network Engineering, Network Security, Threat and Vulnerability Management, Database, SDLC, and Release Management
- Prior experience in a compliance and regulatory environment related to security and privacy, including security compliance standards across industries and geographies such as NYDFS Part 500, SOC 2 Type II, ISO 27001, NIST CSF & 800-53, HITRUST, and FedRAMP
- Extensive experience in a compliance and regulatory environment that adheres to NYDFS Part 500, SOC 2 Type II, and PCI requirements
- Proficient in public cloud-based platforms such as AWS, Azure, and GCP as well as monitoring tools such as Cloud Security Posture Management, Vulnerability Scanning, Log Ingestion/SIEM
- Experience implementing controls in Infrastructure as a Service (IaaS) cloud environments
- Excellent communication skills and ability to explain complex technology to diverse audiences across varying technical and business backgrounds in a way that fosters understanding and ownership
Benefits
- Opportunities to make an impact within a fast-growing company
- Medical, dental, & vision insurance, beginning day one
- Health savings account with employer contribution
- Generous PTO and paid holidays
- Flexible working hours
- 401(k)
- Paid parental leave
- Company-sponsored short- and long-term disability
- Flexible spending accounts (healthcare, dependent care, commuter)
- Competitive salary
Base Salary
The base salary range is between $120,000 and $130,000 annually.
Base salary does not include other forms of compensation or benefits. Final offer amounts are determined by multiple factors, including prior experience, expertise, location and current market data and may vary from the range above.
Stay in Touch
Does this role not quite match your skills, but you’re still interested in what we're doing? Stay In Touch and apply to our Dream Job to be one of the first to hear about future opportunities!
TheGuarantors is an Equal Opportunity Employer. We celebrate diversity and are committed to an inclusive environment for all.