Senior Information Security Analyst

The Company

Serving the People Who Serve the People

Job Summary

What Your Impact Will Look Like

• Assess and improve current process to increase automation and effectiveness.
• Analyze vulnerability scan reports and tickets created, with an eye for trend analysis and improvements. This may include discussions with system owners about patching cadence, inventory management, system hardening, and change control processes.
• Provide guidance to control owners. Work with control owners to identify opportunities to improve control implementation and scalability.
• Collaborate with Security Engineering to improve ticket automation, including ticket assignments, components, labels, and other ticket fields.
• Assign tickets, append appropriate labels, and triage vulnerability tickets. This may include findings from vulnerability scans, penetration testing, customer security testing, threat intelligence findings, applicable CISA alerts, or other vulnerability notices.
• Lead improvements in metrics reporting. This will include internal security metrics and reporting as well as engaging product owners for improvements in product vulnerability reporting and tracking.
• Participate in change control review meetings to provide Security feedback and decisions.
• Partner with system and product owners to guide improved rationale and security impact analysis for deviation requests. Create playbooks for the system and product owners to utilize for improved deviation rationales.
• Author control implementation summaries and deviation rationales that support Granicus’ security posture and meet quality and content requirements.
• Support the information security team to track and maintain overall compliance with audited controls (which include controls from FedRAMP Moderate, TxRAMP, StateRAMP, ISO 27001, SOC 2, PCI, HIPAA, CJIS, and FISMA).
• Support compliance audits, including FedRAMP and ISO 27001. This will include participation in audit discussions, evidence collection and review, and planning.
  

You Will Love This Job If You Have

Knowledge/Skills/Abilities

• Experience working with software development and cloud operations teams at a SaaS and software company
• Experience with container vulnerability scans
• Direct experience with third party cloud security audits, such as FedRAMP
• Knowledge of common security frameworks, such as NIST 800-53, ISO 27001, PCI, HIPAA, SOC 2, and/or Cyber Essentials
• Understanding of audit frameworks and translating the control descriptions to system owners as actionable internal controls
• Strong communication skills, written and verbal
• Expertise with Jira query language and excel
• Drive to identify trends, inconsistencies, or other issues in order to resolve issues for effective vulnerability management, tracking, and reporting
• Experience working with a robust product set, including software and cloud services
• Ability to work with technical teams and non-technical teams
• Familiarity with AWS, Azure, and/or GCP cloud security and infrastructure
  

Experience/Credentials

• 7+ years in information security and compliance
• 5 years experience analyzing and tracking vulnerability scan reports
• Relevant security certifications are a plus, such as CISSP, SEC+, or equivalent.
  

About Us

Security And Privacy Requirements

• Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program.
• Responsible for ensuring the data privacy of our employees and customers, their data, as well as taking all required privacy training in a timely manner, in accordance with company policies.
  

The Team

• We are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.
  

The Culture

• At Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to be a part of our journey.
• A few culture highlights include – Employee Resource Groups to encourage diverse voices
• Coffee with Mark sessions – Our employees get to interact with our CEO on very important and sometimes difficult issues ranging from mental health to work-life balance and current affairs.
• Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more.
• We bring in special guests from time to time to discuss issues that impact our employee population
  

The Impact

• We are proud to serve dynamic organizations around the globe that use our digital solutions to make the world a better place — quite literally. We have so many powerful success stories that illustrate how our solutions are impacting the world. See more of our impact here .
  

The Benefits

comprehensive and flexible benefits package

Flexibility & Balance

• Paid Time Off– Take the time you need to rest, recharge, and live your life.
• Company-Wide Wellbeing Days – Paid days off to unplug and focus on your mental health.
• Work From Home Reimbursement – Support a productive home office environment.
  

Health & Wellness

• Private healthcare benefits - Comprehensive coverage for you and your family.
• On-Demand Mental Health Support – Access to Headspace and other wellness tools.
• Fitness Reimbursement & Cycle Program – Stay active, your way.
• Critical Illness and Life Insurance Benefits
  

Family & Future

• Paid Parental Leave - For both birthing and non-birthing parents.
• Pension plan with employer contributions
  

Growth & Recognition

• Online Learning Platforms – Fuel your professional development.
• Competitive Salary & Bonuses – Your contributions are valued and rewarded.