Company offers the most-trusted app building platform for anyone looking for a better way to work. TrackVia gives businesspeople and IT experts the ability to easily build and integrate apps to track, manage, and automate processes in days, not weeks. Our customers make lasting and substantial improvements to their business using Company’s bullet-proof cloud-based technology — and they love getting the industry’s best customer experience every step of the way.
We are looking for an enthusiastic Information Security GRC Analyst to “organize all the security things!” – frameworks, policies, standards, controls, and audit artifacts.
As the GRC Analyst, you are the organizing force across all aspects of Company’s security program. You ensure alignment and compliance with regulatory requirements and control frameworks such as HIPAA, AICPA SOC, ISO 27001, and FedRAMP. To the company, you provide clarity, drive accountability, and push for continuous improvement. To our customers, you build trust.
The Information Security GRC Analyst reports to the Director, Information Security. The position is fully remote with occasional travel to corporate HQ in Denver, CO.
- GRC Operations
  - Develop a solid foundation in Information Security GRC concepts and processes
  - Manage the selection, implementation, and operation of GRC tools
  - Automate the collection of control test and internal audit data with low-code tools
  - Drive continuous improvement of the InfoSec GRC program
  - Other GRC related duties as needed
- Governance Support
  - Manage the annual review process for policies, procedures, and standards
  - Develop and manage a security policy exception process
  - Develop and maintain Information Security and GRC metrics
  - Support the Information Security Management Committee (ISMC) as needed
- Risk Management Support
  - Coordinate risk management processes
  - Maintain the Risk Register
  - Manage the control test and reporting process
  - Develop and maintain risk management metrics, reports, and dashboards
  - Support control enhancement and/or gap remediation projects
- Compliance Support
  - Develop an understanding of FedRAMP, HIPAA, and SOC audit requirements and testing procedures
  - Manage internal audit processes
  - Coordinate internal resources in support of external/3PAO audits
  - Manage Corrective Action Plans and/or POA&Ms
- Sales Support
  - Respond to customer security questionnaires and inquiries about our Information Security and Privacy programs
  - Collaborate on customer-facing security and privacy compliance materials
- Cloud security: You have a strong conceptual understanding of security controls at the system, network, and application levels and how these are applied in cloud architectures. You have experience supporting SaaS environments built on AWS.
- Compliance: You have experience with control standards and frameworks such as FedRAMP, HIPAA, NIST 800-53, SOC 2, or ISO 27001. You have participated in various forms of internal controls review, testing, or internal audit.
- Cross-functional Collaboration: You succeed best by helping the team accomplish shared goals. You develop a shared understanding of risk; security and compliance requirements; and the business processes necessary to meet our privacy and security commitments.
- Leadership: You understand that all roles have an element of leadership. You have a history of helping to develop a common vision and goals for the team. You lead by influence, relationship building, and example.
- Organization Skills: You are great at arranging and organizing things to understand relationships and dependencies. You enable efficient management of requirements, tasks, projects, and entire programs.
- Project Management: You have experience leading projects with resources across multiple teams and time zones. You are comfortable flexing your role as a project team member, coordinator, or manager depending on project requirements and available resources.
- Education: You have a bachelor’s degree in Computer Information Systems, Information Assurance, or a related field. You have relevant security or risk certifications, e.g., CISA, CISM, CISSP, or CRISC.
- Experience automating manual processes and workflows.
- Experience with GRC tools.
- Experience in customer-facing roles.
- Experience as a Security Analyst, Systems Administrator, or other technical role.
- Python skills are a strong differentiator.
Salary & Benefits
- The salary range for this position is $80,000 to $100,000
- We cover 100% of employee medical, dental, and vision benefits
- We understand you have a life outside of work and have an unlimited, flexible time-off policy
- We provide competitive paid parental leave for all new parents after 6 months
- We made Built in Colorado’s Best Small Companies to Work For list, Denver Business Journal’s Largest Denver-area Tech Employers list, and Outside Magazine’s 50 Best Places to Work list
- You will have the opportunity to challenge yourself and have a high degree of responsibility and impact
- Your daily tasks will change often and give you many opportunities to grow your professional and technical skillset and advance your career
Education & Training
- Hands-on low-code application development training via Company's official training program.
- Sponsorship for Project Management Institute’s (PMI) Citizen Developer certification program.
- Security and/or compliance certification and continuing education assistance.