Associate - Security and Compliance Analyst
Gurugram, India
apexanalytix
About Us:
At apexanalytix, we’re lifelong innovators! Since the date of our founding nearly four decades ago we’ve been consistently growing, profitable, and delivering the best procure-to-pay solutions to the world. We’re the perfect balance of established company and start-up. You will find a unique home here.
And you’ll recognize the names of our clients. Most of them are on The Global 2000. They trust us to give them the latest in controls, audit and analytics software every day. Industry analysts consistently rank us as a top supplier management solution, and you’ll be helping build that reputation.
Read more about apexanalytix - https://www.apexanalytix.com/about/
Job Details
Quick Take -
We are seeking a skilled and motivated Associate - Security and Compliance Analyst to join our team. The ideal candidate will have a strong background in Third-Party Risk Management (TPRM), SOC 1 and SOC 2 audits, ISO/IEC 27001, and SSAE 18 frameworks. This role is crucial in ensuring compliance with regulatory requirements, industry standards, and internal policies while driving continuous improvement in our risk management practices.
The Work -
- Third-Party Risk Management (TPRM):
  - Develop and execute TPRM strategies, ensuring proper vetting, monitoring, and reporting of third-party risks.
  - Conduct risk assessments of vendors and partners, providing recommendations for mitigation and oversight.
  - Maintain a comprehensive register of third-party contracts and associated risks.
- SOC 1 and SOC 2 Audits:
  - Manage end-to-end audit processes for SOC 1 and SOC 2 compliance, including evidence collection and control implementation.
  - Act as the primary liaison between internal teams and external auditors.
  - Ensure timely remediation of findings and drive continuous improvement.
- ISO/IEC 27001 Implementation & Maintenance:
  - Oversee the development, implementation, and maintenance of the Information Security Management System (ISMS).
  - Conduct internal audits to ensure compliance with ISO/IEC 27001 requirements.
  - Collaborate with stakeholders to manage risk treatment plans and maintain certification.
- SSAE 18 Compliance:
  - Ensure organizational adherence to SSAE 18 standards through the development of policies, controls, and audit processes.
  - Maintain documentation and communication with stakeholders on the organization's compliance status.
- Policy Development and Compliance Monitoring:
  - Draft, review, and update GRC policies and procedures to align with best practices and regulatory requirements.
  - Monitor compliance with industry standards and regulations, recommending corrective actions as needed.
- Risk Assessment and Mitigation:
  - Conduct enterprise-wide risk assessments to identify, analyze, and mitigate operational and information security risks.
  - Develop and maintain risk registers and dashboards for executive reporting.
- Training and Awareness:
  - Provide training and guidance to employees on GRC, TPRM, and compliance topics.
  - Foster a culture of compliance and security awareness throughout the organization.
The Must-Haves -
- Bachelor’s degree in Information Security, Computer Science, or a related field.
- 3+ years of experience in GRC, information security, or audit-related roles.
- Expertise in:
  - TPRM tools and frameworks
  - SOC 1 & SOC 2 frameworks
  - ISO/IEC 27001 implementation
  - SSAE 18 compliance
- Strong knowledge of risk management principles and practices.
- Excellent communication and interpersonal skills for stakeholder engagement.
- Certification(s) such as CISA, CISM, ISO 27001 Lead Implementer/Auditor, or CRISC is a plus.
Over the years, we’ve discovered that the most effective and successful associates at apexanalytix are people who have a specific combination of values, skills, and behaviors that we call “The apex Way”. Read more about The apex Way - https://www.apexanalytix.com/careers/
Benefits
At apexanalytix we know that our associates are the reason behind our successes. We truly value you as an associate and part of our professional family. Our goal is to offer the very best benefits possible to you and your loved ones. When it comes to benefits, whether for yourself or your family, the most important aspect is choice. And we get that. apexanalytix offers competitive benefits for the countries that we serve, in addition to our BeWell@apex initiative that encourages employees’ growth in six key wellness areas: Emotional, Physical, Community, Financial, Social, and Intelligence.
With resources such as a strong Mentor Program, Internal Training Portal, plus Education, Tuition, and Certification Assistance, we provide tools for our associates to grow and develop.