Coordinate IT security governance, risk and compliance activities across the enterprise
Oversee information security compliance activities, including daily, weekly, quarterly and/or annual security risk assessments – both performing internal assessments and responding to external assessments
Respond to requests for information on Cyderes' security compliance from customers and partners, and review and negotiate relevant agreements
Support efforts for compliance with SOC2, ISO 27001, NIST 800-53, and other security standards and regulatory frameworks
Conduct audit readiness assessments and coordinate with internal and external functions and audit resources
Support the implementation and administration of the Governance, Risk, and Compliance system (GRC)
Collaborate with other departments to direct security compliance issues to appropriate channels for investigation and resolutions
Revise and maintain security & controls policies and procedures in accordance with applicable regulations
Enable continuous compliance through continuous testing of security and privacy controls
Identify and provide recommendations for technology, licensing, and/or process updates to improve Cyderes' overall security posture
Develop and provide reports to keep management informed of the operation and progress of compliance efforts
Requirements
Minimum 3 years in a GRC role with at least 1 full year of hands-on administration of a GRC automation tool (Vanta, Drata, or Sprinto etc.). Vanta is preferred.
Experience in design and implementation of information security policies and controls
Experience participating in external security audits; SOC2 Type II preferred
Experience conducting needs assessments and identifying/implementing appropriate solutions
Strong knowledge of security technologies and architecture, including encryption, cloud network security design, security group configuration, intrusion detection, data loss prevention and application security
Ability to take initiative and be proactive
Ability to work independently and be resourceful
Complex problem-solving and analytical skills
Excellent communication skills, both verbal and written; ability to condense complex information into simple language for the appropriate audience
CISSP, CISM, CISA certifications preferred
Analyst A (The Internal Builder): Focuses on Vanta, SOC2/ISO mapping, and internal engineering/DevOps alignment.
Evidence Collection: Proven track record of translating abstract SOC2 criteria into technical screenshots, logs, or API outputs.
Proven track record of translating abstract SOC2 Common Criteria or ISO 27001 clauses into actionable technical controls.
Analyst B (The External/Risk Specialist): Focuses on Third-Party Risk, Customer Questionnaires/Trust Center, and Privacy (GDPR/CCPA).
High proficiency in interpreting SOC2/ISO reports and Data Processing Agreements (DPAs).
Advanced Third-Party Risk (TPRM) Analysis: Minimum 3 years of hands-on experience evaluating SaaS vendors, with the proven ability to dissect SOC2 Type II, ISO 27001, and Penetration Test reports.
Vanta Trust Center & Questionnaire Automation: Proficiency in managing Vanta’s Trust Center and Vendor Risk modules.
Privacy & Data Protection Liaison: Practical experience navigating Data Processing Agreements (DPAs) and mapping vendor risks to privacy frameworks like GDPR, CCPA, or HIPAA.
Tech Stack
Cloud
Benefits
✔ Medical Insurance
Employee + dependents covered
✔ Life Insurance
Protection for what matters most
✔ Retirement Match Program