The Role 

We're looking for an experienced security compliance analyst to join our growing Information Security team.  This role will be reporting to the Manager of Information Security. Our security team works on build on automated tools and creates innovative processes to help make security and compliance at GTI easy, instant, and omnipresent.

Responsibilities 

• Lead ongoing internal and external SOX and HIPAA audits and other security audits that are relevant to GTI’s business; lead security and compliance audits with GTI customers, and complete customer security questionnaires.
• Serve as an internal point-person for GTI employees by translating security policy and compliance frameworks into actionable requirements and guidance to inform their work.
• Perform ongoing internal operations and tasks, including ITGC security reviews, and maintain documentation associated with GTI’s compliance requirements
• Participate in risk management, incident response, business continuity tests, and other compliance activities and exercises.
• Gather and maintain metrics associated with the Information Security program, working with others on the team.
• Work with product engineers and product managers, when appropriate, to ensure mitigation of discovered risks and threats, and evangelize best practices and security compliance.
• Lead vendor and 3rd-party security assessments, ensuring that all GTI vendors and purchased software comply with our security program.
• Help create and maintain information security documentation, including security-related policies and procedures, ensuring that the GTI compliance documentation is always up to date and appropriately disseminated throughout the organization.
• Research and stay abreast of the compliance landscape evaluating new security frameworks and compliance programs that may be applicable to GTI’s business.
• Maintain a running log of information security issues and work across the organization to ensure that they are addressed in a timely manner.

Qualifications  

Our employees come in all shapes and sizes, but to be successful in this role with us, you'll at least need:

• We expect that this role will require at least 3 to 5 years of experience working in a highly regulated space, with responsibilities relating to security and compliance.
• You shouldn’t be a newcomer to key security concepts, such as relating to IAM, vendor management, and risk management. Additionally, navigating compliance with the alphabets, including SOX, SOC, CCPA, and HIPAA should be a part of your repertoire. You don’t need to have experience with all of them, but you should have had enough exposure to be able to quickly pick up others.
• Generally, a bachelor's degree in a relevant field is really helpful in working with our team on this kind of work. But feel free to convince us if you're the exception.
• We're doing some big things, and we'll find some roadblocks along the way, big and small. A big part of this role is keeping an even keel and finding the route through or around the obstacles.
• This role requires lots of communication with customers and everyone at GTI. Your colleagues will rely on your ability to translate security requirements into digestible bits of information for them. Customers will expect you to quickly articulate components of the GTI security program to help them assess risk, including as part of the business development process.
• Audit management. The ability to lead audits, especially with external stakeholders and certification authorities is a key component of this job, because you would be expected to lead at least two audits each year.
• An insatiable intellectual curiosity and the ability to learn quickly in a complex space.

Additional Requirements 

• Must pass any and all required background checks  
• Must be and remain compliant with all legal or company regulations for working in the industry