IT Security Analyst

The Role:
Wpromote seeks a highly motivated IT Security Analyst to enhance our security posture. This role will collaborate with our security vendors to achieve SOC 2 compliance and advance our CIS CSC controls. Working alongside our IT Operations and Infrastructure team, you will develop scalable security and data protection processes. This position will play a key role in all security evaluations conducted by potential and existing clients. The ideal candidate possesses experience in SOC 2 audits, application security best practices, penetration test remediations, and security program assessments. A background in security auditing and documentation based on security standards is highly desirable.
At Wpromote, we believe that great work is only possible with great people. Our goal is to build a better, more inclusive work environment and support our people at every stage of their careers by prioritizing a strong work-life balance through our policies and benefits listed below. As a Best Place to Work according to both Ad Age and Glassdoor and Adweek’s Fastest Growing Digital Agency, we are moving fast to expand our teams and bring new experts into the fold to keep pushing the boundaries of what’s possible in marketing.
We offer:-Remote-first culture-Unlimited PTO-Extended Holiday break (Winter)-Flexible schedules-Work from anywhere options*-100% paid parental leave-401(k) matching-Medical, Dental, Vision, Life, Pet Insurance-Sponsored life insurance-Short Term Disability insurance and additional voluntary insurance-Annual Class Pass credits and more! The anticipated annual salary for this role will range from $85,000 - $110,000, based on consideration of a wide array of factors unique to each candidate, including but not limited to skill set, years and depth of experience, education and certifications, competitive benchmarks, scope of responsibility, market dynamics, geographic location, and respective state’s salary threshold for exempt employees. At Wpromote, pay ranges are subject to change and are based on specific market medians for similar jobs according to third-party salary benchmark surveys. Individual pay within that range can vary due to skills, experience, and available budget. The total compensation package for this role will include benefits (listed above).
*This position may be performed remotely in most states within the US, with some exclusions**While this role offers the flexibility to work remotely, we have office hubs in Los Angeles, Chicago, and New York, where you can join in on learning and development opportunities, fun events, take advantage of a space to work, and collaborate in person!***This position is not eligible for immigration sponsorship
Important Notice: Beware of Job ScamsWpromote recruiting communications will only be sent through our official channels via wpromote.com email addresses. If you see a posting elsewhere that is not reflected on Wpromote.com/careers, it may be a fraudulent posting. We do not require payment or fees during the hiring process nor do we request sensitive information, such as Social Security numbers or payment details. Please safeguard yourself against possible scams and contact us if you encounter any suspicious activity.
#LI-SD#LI-Remote

You Will Be

• Collaborate with security consulting vendors on SOC 2 compliance, penetration tests, and CIS CSC controls.
• Optimize SOC2 engagements through the automation of audit controls using SaaS platforms.
• Manage security evaluations from potential and current clients.
• Audit and update processes and policies to ensure compliance with security requirements.
• Propose and implement security best practices, processes, and policies for the company.
• Provide guidance and implement application security standards for internal development.
• Manage our vulnerability management solution and security awareness training platform.
• Implement solutions to prevent data loss, breaches, and service interruptions.
• Evaluate data privacy and security regulation updates to determine necessary organizational changes.

You Must Have

• 3-4 years of experience in cybersecurity and data privacy.
• Experience working with security vendors on SOC 2 audits and penetration test remediation.
• Experience auditing processes and policies for alignment with CIS CSC controls and SOC 2 compliance.
• Experience with GCP Command Center.
• Experience securing Google Workspace.
• Knowledge of OWASP and application security best practices.
• Experience remediating vulnerabilities through a vulnerability management system (e.g., Rapid7).
• Strong understanding of Mac operating system security.
• Bachelor's degree in computer science or a related discipline, or equivalent relevant experience.
• Excellent written and verbal communication skills.
• Ability to work independently and collaboratively.
• Security certifications, such as CISSP, are highly preferred.

Wpromote is committed to bringing together individuals from different backgrounds and perspectives, providing employees with a safe and welcoming environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together. As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace.
Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Wpromote.
This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9. For more information on E Verify, or if you believe that your employer has violated its E-Verify responsibilities, please contact DHS.