Cybersecurity Assurance Analyst

Location: EST or CST timezones only

About the Role

We are seeking a highly motivated and detail-oriented Cybersecurity Analyst to join our growing security team with a focus on Governance, Risk, and Compliance (GRC). This is a fully remote position within the US, but candidates must be located in the CST or EST time zones. In this role, you will play a key part in ensuring the security of our organization's information assets and compliance with relevant regulations by collaborating with stakeholders to identify and mitigate risks, ensure compliance, and develop and implement security policies and procedures. You will also be involved in vendor management, reporting and metrics, and cross-functional collaboration. The ideal candidate will have a strong understanding of cybersecurity principles, compliance requirements, and GRC frameworks, as well as experience conducting risk assessments and using GRC tools. 

The GRC team member will be responsible for assisting in the day-to-day tasks related to governance, risk management, and compliance. This includes

Governance, Risk, and Compliance (GRC)

• Framework Implementation: Collaborate to develop, review, and update strategies, policies, and procedures related to cybersecurity and technology governance. Employ effective project management techniques to manage governance routines and meetings and to maintain compliance processes.
• Risk Management: Employ strong project management skills to collaborate with stakeholders across the organization, identify and analyze cybersecurity risks, and develop and implement remediation plans within established timelines. Conduct risk assessments and internal reviews to proactively identify potential compliance issues. Maintain consistent follow-up with risk owners to ensure accountability and effective risk mitigation, driving the organization's risk management program toward its defined risk appetite
• Compliance: Proactively manage compliance activities by ensuring timely responses to risk assessments, audits, and customer or prospect inquiries. This includes preparing for and supporting internal and external audits, promptly addressing audit findings and closing identified gaps, maintaining and improving internal control standards, and staying current on relevant regulations and industry standards (including NIST and GDPR).
• Vendor Management: Assist with the vendor risk lifecycle, which requires collaborating with stakeholders across various teams, such as Corp IT, SecOps, Legal, and Procurement. This includes maintaining vendor security information, conducting security assessments, ensuring compliance with security requirements, and providing technical expertise to evaluate the security posture of SaaS systems, integrations, and add-ons.
• Training & Awareness: Collaborate with stakeholders to develop and deliver effective security awareness and GRC training programs. Take ownership of tracking training compliance and identifying areas for program improvement.
• Policy & Procedure Management: Collaborate with stakeholders to develop, maintain, and update security policies, procedures, and standards. Take ownership of tracking policy exceptions and ensuring proper approvals are obtained.
• Reporting and Metrics: Assist with developing and maintaining comprehensive security metrics and reporting processes to track key performance indicators (KPIs), identify trends, and inform decision-making. Track KPIs such as the number of open risks, time to remediate risks, and compliance with key regulations. Continuously improve reporting accuracy, efficiency, and effectiveness to align with evolving organizational needs.
• Cross-functional Collaboration: Foster strong partnerships with stakeholders across Legal, Technology, Sales, and Finance teams to ensure alignment on security objectives and initiatives. For example, partner with the Sales team to help address customer or prospect questions regarding our security program, which might also include completing the CAIQ or SigLite and posting it to our trust center.

Qualifications

• Exceptional collaboration and communication skills, with a proven ability to build consensus and effectively communicate GRC activities to diverse audiences, including senior management.
• A degree in a related field and 3+ years of experience in cybersecurity or IT, OR a minimum of 5 years of combined relevant education and experience in cybersecurity or IT.
• Understanding of cybersecurity principles, compliance requirements, risk assessments, and GRC frameworks.
• Understanding of relevant security regulations and frameworks (e.g., ISO 27001, SOC2, NIST CSF, etc.).
• Proficient with common IT systems and applications, with the ability to quickly learn and navigate new technologies.
• Strong analytical and problem-solving skills with the ability to work independently and develop creative solutions.
• Self-starter with the ability to build partnerships and function effectively with limited oversight.
• Ability to quickly learn various systems (e.g., Safebase, Anecdotes, Zendesk, Zip, Jira, etc) to support risk management and compliance activities.
• Demonstrated willingness to adapt and adjust to meet evolving business needs.
• Commitment to staying current on industry trends, emerging technologies, and relevant regulations.
• Proactive and self-motivated approach to identifying areas for improvement and implementing solutions.
• Relevant certifications (Sec+, DoD 8570/8140, CRISC, etc.) are preferred.

Our culture and benefits:

• Remote-first culture. We have offices in New York, Tel Aviv, Austin, São Paulo, and Washington DC, but the majority of our employees are working from home across the US and internationally. 
• Great people. Our people aren’t just great professionals, they are great people. We are all here to support each other, ready to help and do what’s best for the entire company. 
• A focus on career growth. We love seeing our people grow into new roles and work hard to ensure everyone sees and can realize a long term career path here at Axonius. We offer ongoing growth opportunities, including mentorship programs, a learning and development stipend, and company-wide courses..
• Next level benefits. 100% coverage of 2 different tiers of employee healthcare premiums. Dental, vision, and 401k match.
• Top-notch family leave options. 17 weeks of parental leave for primary caregivers and 8 weeks for secondary caregivers. Additional time off for important life events like marriage, birth of a grandchild, and more!
• We give back. Corporate social responsibility partnerships, employee giving opportunities , and volunteer time off.
• Competitive compensation. Market rate salaries, bonuses, or commissions. Stock options for all full time employees with equity refresh opportunities.
• DEI focused. Highly supported Employee Resource Groups (ERG). Executive-level diversity and inclusion goals. Training, events, and mentorship options.

#LI-LN1 #LI-REMOTE

Axonius is committed to fair and equitable compensation packages. A candidate’s salary will be based on qualifications and relevant experience. In addition to a competitive salary, our packages include stock options, attractive benefits, and an annual bonus.

Annual Salary Range (does not include bonus or equity)$115,000—$130,000 USD

A little more about Axonius: 

Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world.

Headquartered in New York, New York, Axonius employs over 600 people worldwide. Axonius is named to the 2024 Forbes Cloud 100 and was named to Dun’s Best Start Up Companies to Work for Over 100 Employees. Axonius is recognized with the Great Place to Work Certification™ and for two years in a row, Axonius was ranked Deloitte Technology Fast 500 list. Axonius has been cited as the fastest growing cybersecurity company in history by revenue.

At Axonius we support a diverse and inclusive workplace and believe in equal employment opportunity. We welcome people of different backgrounds, experiences, abilities and perspectives, regardless of race, color, ancestry, religion, age, sex, gender identity, national origin, sexual orientation, citizenship, marital status, disability, or Veteran status.

By submitting your application to us, you acknowledge that your personal data will be processed in accordance with our Global Job Candidate Privacy Notice.