Information Security Analyst

About the Role

This is a full-time Information Security Analyst role at Veracross. You will join our InfoSec team which includes Product and Engineering executives, our vCISO, and our CFO. You'll be working in a highly collaborative environment, lending your skills and expertise to teams throughout the company. This role will have shared ownership over security & compliance projects, workflows, documentation, and audit support. This position reports to the VP of Engineering and directly interacts with our outside information security partner. As our first dedicated full-time security analyst hire, you'll get to help set the tone and direction of the role. Veracross emphasizes a "tone from the top" approach to information security, with full support from the executive team for prioritizing InfoSec initiatives.

This role is dynamic and offers opportunities for growth. You'll focus on collecting, prioritizing, and responding to InfoSec-related requests from our all departments. You'll help to design & maintain a library of up-to-date, reusable, releasable documentation for our customers as well as internal content for our teams. The balance of your time will include improving our security policies and supporting audits. Our InfoSec team follows agile processes, and you'll participate in those and occasionally lead them using Jira and Confluence. We use RealCISO as an assessment tool as well as Tugboat Logic as our automated compliance platform. We use Mimecast to manage email security.

Our team is remote-friendly, distributed, and has employees in a variety of states and contractors in several countries. Our headquarters are in Wakefield, MA. Proximity to that location is a plus, but applicants are encouraged to apply from anywhere in the United States. If you are remote, some limited travel to our offices may occur.
What to Expect

• Be a full-time member of the InfoSec team and participate in their projects, meetings, and ceremonies.
• Work with teams across the organization to maintain and improve the security and compliance of our company as well as build and advance our information security roadmap.
• Operate within Agile best practices across several teams.
• Assist with Information Security and Privacy initiatives, including PCI, HIPAA, SOC2, GDPR.
• Improve processes and documentation related to security and compliance.
• Be a member of the Incident Response Team.
• Collect, prioritize, and respond to InfoSec support requests across departments, including Sales, Marketing, IT, and others.
• Maintain the official InfoSec internal knowledge base.
• Monitor industry trends for security incident intelligence.
• With our Business Systems team, oversee vendor management processes.
• With our Business Systems team, oversee and manage email security programs including phishing campaigns.
• Assist with company-wide policy creation, InfoSec training, and education campaigns.

Requirements

• Excellent communication skills, both written and verbal.
• Excellent organization and planning skills, both technical and strategic.
• The ability to perform responsibilities remotely.
• The ability to be flexible and adaptable, both in your duties and schedule.
• Experience with Agile process management.
• 2+ years of security experience in cloud environments; experience in a medium-sized SaaS model business a plus.
• Experience with PCI, SOC2, and HIPAA regulations. Experience with GDPR a plus.
• A service- and team-oriented mindset.
• Eligibility to work in the US.

Benefits

• 3 weeks of vacation per year
• 14 paid holidays per year (including the week off between Christmas and New Year's Eve)
• Top tier benefits -
  • Medical, Dental & Vision (Blue Cross Blue Shield & EyeMed)
  • Veracross LLC Fidelity 401(k) Plan - Managed by Sentinel Benefits
• Gym in the Wakefield Office


We value the power of an inclusive culture and a strong sense of belonging. We seek to infuse diversity and inclusion in everything we do while promoting a culture where differences are embraced as strengths; opportunities are equal and accessible; consideration and respect are the norm; and all team members are supported in reaching their full potential.