Senior Information Security Analyst (Compliance)

Granicus is driven by the excitement of building, implementing, and maintaining technology that is transforming the Govtech industry by bringing governments and its constituents together. We are on a mission to support our customers with meeting the needs of their communities and implementing our technology in ways that are equitable and inclusive. Granicus has consistently appeared on the GovTech 100 list over the past 5 years and has been recognized as the best companies to work on BuiltIn.  
Over the last 25 years, we have served 5,500 federal, state, and local government agencies and more than 300 million citizen subscribers power an unmatched Subscriber Network that use our digital solutions to make the world a better place. With comprehensive cloud-based solutions for communications, government website design, meeting and agenda management software, records management, and digital services, Granicus empowers stronger relationships between government and residents across the U.S., U.K., Australia, New Zealand, and Canada. By simplifying interactions with residents, while disseminating critical information, Granicus brings governments closer to the people they serve—driving meaningful change for communities around the globe. 
Want to know more? See more of what we do here.
Granicus is looking for NetSuite Administrator to configure, maintain, and optimize Granicus’s NetSuite Application. As the administrator, it will be critical to understand Granicus’ business process and accounting practices to provide options to improve and support growth, while balancing the cost effectiveness and efficiency of the NetSuite instance. 

Job description

• We are looking for an experienced Senior Information Security Analyst with experience managing multiple audit frameworks, such as ISO 27001, SOC 2, PCI, FedRAMP, TxRAMP, and others. You will be part of the information security and compliance team and report to the Senior manager, Information Security. Your role will have a focus on compliance audits, control mapping, and analysis of compliance requirements. Your expertise will lend itself to identifying control gaps, collaborating with control owners to identify remediation paths, assessing risks, and providing analysis of control requirements. 
• In this role, you will:
• Manage external compliance audits, including for FedRAMP, TxRAMP, ISO 27001, SOC 2, HIPAA, FISMA, CJIS, PCI, and Cyber Essentials. This includes internal audit preparation, evidence review and submission, coordinating audit schedules, and managing audit deliverables. 
• Centralize and manage audit runbooks, including evidence runbooks. Build audit runbooks. 
• Track audit findings and resolution.
• Lead audit retrospections to identify improvement opportunities, address challenges, and highlight success points. 
• Identify and communicate control gaps, provide analysis of compliance requirements, evaluate remediation plans, and track through resolution. 
• Build and maintain relationships with external auditors and control owners.
• Provide guidance to control owners. Work with control owners to identify opportunities to improve control implementation and scalability. 
• Partner with product teams and control owners; provide guidance on compliance requirements for planned changes.
• Participate in change control review meetings to provide Security feedback and decisions. 
• Manage security projects geared towards improvement of the ISMS, compliance audits, and security resources for internal stakeholders. 
• Assist as security SME for support request escalations.
• Respond to customer questions, including to provide customer-facing responses and maintain a security answer library. 
• Review and update security training content at least annually. 

We are looking for:

• 7+ years in information security and compliance 
• Direct experience leading third party cloud security audits, such as ISO 27001, SOC 2 Type II, FedRAMP, StateRAMP, TxRAMP
• Knowledge of common security frameworks, such as NIST 800-53, ISO 27001, PCI, HIPAA, SOC 2, and/or Cyber Essentials
• Understand nuances between different audit frameworks in order to educate and support internal control owners, prepare for audits, and manage the audit process
• Experience documenting company security policies and procedures
• Strong communication skills, written and verbal
• Program management experience for multiple compliance frameworks
• Experience working with a robust product set, including software and cloud services
• Ability to work with technical teams and non-technical teams
• Familiarity with AWS, Azure, and/or GCP cloud security and infrastructure
• Relevant security certifications are a plus, such as CISSP, CISM, CISA, CRISC, or equivalent. 

Security Requirement

• Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program.

CLOSING FROM DEFAULT - ALL LOCATIONS
Don’t have all the skills/experience mentioned above? At Granicus, we are trying to build diverse, inclusive teams. We do not have degree requirements for most of our roles. If you don’t meet every requirement above but are excited to learn more, we encourage you to apply. We might just be able to find another role that could be a perfect fit! 
The Team- We are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.
The Culture- At Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to bea part of our journey.- A few culture highlights include – Employee Resource Groups to encourage diverse voices- Coffee with Mark sessions – Our employees get to interact with our CEO on very important andsometimes difficult issues ranging from mental health to work-life balance and current affairs. - Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more.-=- - We bring in special guests from time to time to discuss issues that impact our employeepopulation 
The Impact- We are proud to serve dynamic organizations around the globe that use our digital solutions to make the world a better place — quite literally. We have so many powerful success stories that illustrate how our solutions are impacting the world. See more of our impact here.
Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status regarding public assistance, familial status, military or veteran status or any other status protected by applicable law.