Security GRC Analyst III

🇦🇷 Argentina - Remote
🔒 Cybersecurity 🔵 Mid-level

Job description

What you will be doing, your legacy:

You will manage our Third Party (provider) and Customer Assessment processes and tool, maintain our ISMS, and support our security audits, such as ISO 27001, SOC 2 and TISAX Lv3, as well as the Risk Management process. In this work you'll interact with external parties, our leads, and Company teams such as Engineering, Legal, Product Management, HR, Finance, Sales, IT, and InfoSec. You will be the GRC liaison and monitor the compliance of our providers and our policies. You will also create InfoSec training and awareness materials.

Key activities and responsibilities:

  • Develop and maintain a formal set of Information Security policies, procedures, and standards according to ISO/IEC 27001:2013
  • Conduct and complete an annual review of the company’s information security policies, procedures, and standards
  • Oversee and/or assist in performing ongoing assessments testing the company’s security procedures, mechanisms, and controls
  • Serve as a liaison for the implementation of security controls derived from policies, standards, and procedures.
  • Perform and manage the Vendor Security Assessment process before contracting services or applications with third parties.
  • Perform periodic Risk Assessment reviews and coordinate the remediation plan of risks with the corresponding Data Owners.
  • Support the coordination of the security audits such as ISO 27001, SOC 1 and SOC 2 audits, including preparing meetings, communicating with auditors and internal stakeholders, and reviewing controls and evidence accuracy.
  • Assist in the evaluation and settings of physical security for company sites
  • Oversee the development of a Disaster Recovery Plan
  • Develop a set of Performance Indicators to evaluate the effectiveness of security standards and controls
  • Create training materials and ensure compliance through adequate training/awareness programs and periodic security audits. These audits should be both internal and external in nature.
  • Provide development guidance and assistance in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with the Data Privacy team
  • Manage the Customer Security Assessments by collaborating with the Sales, Customer Success and Legal departments to review agreements with customers, answer questionnaires or share compliance documentation, in order to ensure compliance with customers' requirements.

Required Education / Aptitudes / Qualifications:

  • At least 3 years in a similar role.
  • ISO/IEC 27001, CISSP, CISA, or other security certifications desired.
  • Excellent communication skills.
  • Jira usage knowledge
  • Spoken and written English level.
  • Practical experience in audit and risk assessment.
  • Knowledge of Information Security and Privacy related laws and regulations in the US and EU.
  • Knowledge of other information security standards apart from ISO/IEC 27001:2013 and SOC 1 and SOC 2 audits (e.g., NIST 800-53, CIS Critical Security Controls, etc.), rules and regulations related to information security and data privacy (e.g., GDPR, FERPA, CCPA, etc.) and related security principles for risk identification and analysis.

What we offer:

  • A role in shaping the future of protecting the most critical applications that run the world’s business and a career that grows as the company grows.
  • A unique culture of high achievement and teamwork.
  • Supportive and humble colleagues who are the space’s top problem solvers and innovators.
  • Financial security through competitive compensation and incentives.

Employment: Onapsis hires full-time employees in Argentina. We do not engage with SRLs or B2B contractors.

About Onapsis:

Onapsis protects the business applications that run the global economy. The Onapsis Platform delivers vulnerability management, change assurance, and continuous compliance for business applications from leading vendors such as SAP, Oracle, and others. The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 1,000 zero-day vulnerabilities in business applications.

Onapsis is headquartered in Boston, MA, with offices in Heidelberg, Germany and Buenos Aires, Argentina, and proudly serves hundreds of the world’s leading brands, including close to 30% of the Forbes Global 100, six of the top 10 automotive companies, five of the top 10 chemical companies, four of the top 10 technology companies, and three of the top 10 oil and gas companies.

For more information, connect with Onapsis on LinkedIn or visit https://www.onapsis.com.
