Security GRC Analyst

Job description

Company Description

When you join Turnitin, you’ll be welcomed into a company that is a recognized innovator in the global education space. For over 25 years, Turnitin has partnered with educational institutions to promote honesty, consistency, and fairness across all subject areas and assessment types. Over 21,000 academic institutions, publishers, and corporations use our services: Feedback Studio, Originality, Gradescope, ExamSoft, Similarity, and iThenticate.

Experience a remote-centric culture that empowers you to work with purpose and accountability in a way that best suits you, supported by a comprehensive package that prioritizes your overall well-being. Our diverse community of colleagues are all unified by a shared desire to make a difference in education.

Turnitin is a global organization with team members in over 35 countries including the United States, Mexico, United Kingdom, Australia, Japan, India, and the Philippines.

Job Description

Turnitin is seeking an experienced Security GRC Analyst with Cloud/AWS skills to join our Security & Compliance team. The Security GRC Analyst will be responsible for ensuring that our information and cloud systems comply with relevant regulatory frameworks, industry standards, and internal policies. They will also collaborate with various departments, monitor compliance, conduct assessments, and support initiatives to identify and mitigate risks.

We are looking for someone who brings strong analytical ability, attention to detail, effective communication, compliance experience, and the willingness to continuously learn. This role requires hands-on work, critical thinking and the ability to find new solutions for compliance.

This role reports to the GRC Information Security Manager.

Responsibilities:

• Maintain compliance tracking capabilities to help ensure adherence with Turnitin’s security program and industry standards such as NIST CSF, NIST 800-53, SOC 2, TX-RAMP and PCI DSS.
• Conduct risk and compliance assessments, audits, and risk evaluations to identify potential risk and compliance gaps.
• Lead preparation and audit activities required to maintain our SOC 2 Type 2.
• Collaborate with internal teams and external auditors for audit and compliance reviews.
• Collaborate with sales and customer support teams to respond to security questionnaires and security posture questions from customers.
• Support TPRM Program and conduct third-party risk assessments.
• Complete user access reviews.
• Administration of GRC platform.
• Participate in the development and documentation of security policy, standards and processes to align with company information security strategy.
• Provide security awareness and phishing training for employees and promote a culture of security and compliance.
• Coordinate phish testing.
• Collaborate with DevOps, IT, Legal, Engineering, People Team, and other departments to ensure security control and policy requirements are integrated into systems and business processes.
• Automate manual compliance tasks and improve team processes.
• Leverage AWS and Wiz for continuous monitoring.
• Measure effectiveness vs just implementation.

Technical skills:

• Cloud Infrastructure with general knowledge of AWS services such as CloudFormation, Serverless, AWS Config, CloudTrail, IAM, and JSON
• Basic scripting

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
• 3+ years of experience in a role related to Information Security.
• 1+ years AWS Cloud Services and basic scripting.
• Professional certification such as CCSK, AWS Cloud Practitioner, or other related industry certification.
• Familiarity with cybersecurity frameworks and regulatory standards such as NIST, SOC 2, TX-RAMP, and PCI DSS.
• Familiarity of risk management and security best practices.
• Experience with assessing security controls, risk mitigation strategies, and audit procedures.
• Understanding of concepts related to AWS Cloud Infrastructure and security.
• Experience conducting security impact analysis for system changes.
• Experience conducting periodic internal security reviews or risk assessments to ensure that compliance procedures and technical configurations are followed.
• Experience conducting third-party risk assessments.
• Contract review experience for security requirements.
• Highly organized and proactive individual capable of managing multiple responsibilities and delivering results.

Preferred Skills:

• Experience running SOC 2 audits or NIST based authorizations.
• Experience using Jira and Confluence for project and task management.
• Hands-on experience with Wiz, KnowBe4, and Hyperproof.
• Experience conducting third-party risk assessments.
• Demonstrated knowledge of security assessment of cloud technology and services (AWS).
• Entry level cybersecurity certification such as Security+, GIAC GSEC, or ISC2 Certified in Cybersecurity.

Additional Information

Total Rewards @ Turnitin

Turnitin maintains a Total Rewards package that is competitive within the local job market. People tend to think about their Total Rewards monetarily — solely as regular pay plus bonus or commission. This is what they earn in exchange for what they do. However, Turnitin delivers more than just these components. Beyond the intrinsic rewards of unleashing your potential to positively impact global education, and thriving in an organization that is free of politics and full of humble, inclusive and collaborative teammates, the extrinsic rewards at Turnitin include generous time off and health and wellness programs that offer choice and flexibility and provide a safety net for the challenges that life presents from time to time. Experience a remote-centric culture that empowers you to work with purpose and accountability in a way that best suits you, supported by a comprehensive package that prioritizes your overall well-being.

Our Mission is to ensure the integrity of global education and meaningfully improve learning outcomes.

Our Values underpin everything we do.

• Customer Centric- We realize our mission to ensure integrity and improve learning outcomes by  putting educators and learners at the center of everything we do.
• Passion for Learning- We seek out teammates that are constantly learning and growing and build a workplace which enables them to do so.
• Integrity - We believe integrity is the heartbeat of Turnitin. It shapes our products, the way we treat each other, and how we work with our customers and vendors.
• Action & Ownership- We have a bias toward action and empower teammates to make decisions.
• One Team- We strive to break down silos, collaborate effectively, and celebrate each other’s successes.
• Global Mindset - We respect local cultures and embrace diversity. We think globally and act locally to maximize our impact on education.

Global Benefits

• Remote First Culture
• Health Care Coverage*
• Education Reimbursement*
• Competitive Paid Time Off
• 4 Self-Care Days per year
• National Holidays*
• 2 Founder Days + Juneteenth Observed
• Paid Volunteer Time*
• Charitable contribution match*
• Monthly Wellness or Home Office Reimbursement/*
• Access to Modern Health (mental health platform)
• Parental Leave*
• Retirement Plan with match/contribution*

\* varies by country

Seeing Beyond the Job Ad

At Turnitin, we recognize it’s unrealistic for candidates to fulfill 100% of the criteria in a job ad.  We encourage you to apply if you meet the majority of the requirements because we know that skills evolve over time. If you’re willing to learn and evolve alongside us, join our team!

Turnitin, LLC is committed to the policy that all persons have equal access to its programs, facilities and employment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.