Information Security Analyst

**this position is open to Malaysia, Philippines and India**

At G-P, our mission is to break down barriers to global business, enabling opportunities for everyone, everywhere. With remote-first and diverse teams all around the world, our people are key to achieving this mission. That’s why we trust our Dream Team members with the flexibility and autonomy to do their best and most innovative work, encourage and support their personal growth and career development, and believe in recognition for a job well done.  

Our industry-leading SaaS-based Global Employment Platform™ enables our customers to expand and grow into 180+ countries, creating more opportunities for global success – without requiring entity or subsidiary setup. The technical opportunities you’ll experience here have a positive impact on people and their work/life possibilities around the world. Beyond the power of our platform, we never forget that behind every hire is a human being. And that brings us to you. 

If you have a passion for automation, are a deep innovator, and want to solve complex problems that lead to a world of positive results, consider G-P. Here, your knowledge and experience will be crucial to helping design and develop high-performing cloud-based software products using traditional Agile methodologies and modern frameworks.  

Beyond a competitive compensation and benefits package, what we offer to all employees along the way is the clear and simple promise of Opportunity Made Possible. Come expand your skills in new ways and experience the thrill of your best innovations becoming reality.  

About the position:

As Information Security Analyst, you will support the implementation of the company security strategy, compliance and risk management plan. You will deal with a large spectrum of sensitive and highly regulated data, ensuring compliance toward regulations, internal policies, customer requirements and administer existing and new security tools according to best practices and compliance guidelines.

What you will do:

• Develop, and maintain information security policies and procedures and ensure that the security strategies are being followed, so as to meet the organizational security goals and standards
• Apply industry best practices to ensure confidentiality, integrity, and availability of Globalization Partners' (GP) corporate data.
• Work with senior management to define and implement detailed security policies encompassing the entire data lifecycle, including backup, retention, destruction, and sharing policies of any and all corporate data, email, and employee/contractor/partner work product owned, controlled or processed by GP
• Collaborates with stakeholders to create, implement, and maintain policies and procedures which comprise the organization's Data Governance Program
• Works with the Privacy team to develop the approach for documenting and responding to data incidents and directly support the team responding to these incidents
• Responds to security inquiries from customers and third parties
• Develops and implements methodologies to assess the security controls of the company's vendors and partners
• Works with executive management to determine acceptable levels of risk for the organization
• Creates a "security culture" throughout the organization through training, communications, and awareness building

Qualifications:

• Bachelor's Degree in Information Technology, Computer Science, Business, or Engineering required, or equivalent experience or relevant certification
• 5+ experience managing information security initiatives company wide
• Familiarity with global privacy and security laws, including but not limited to GDPR, CCPA, the Singapore Personal Data Protection Act (PDPA), and others
• Experience with information security management frameworks, such as ISO 27001 and SOC 2
• Experience with security monitoring/auditing tools
• Experience managing security vendors
• Experience with cloud computing; AWS preferred
• Experience with computer network penetration testing and techniques
• Understanding of firewalls, proxies, SIEM, EDR, and IDPS concepts
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
• Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact
• CISSP and/or CISM certification desired