Security Analyst

The Judge Group

IT

Remote

Posted on Jun 2, 2026
Our client is currently seeking a Security Analyst.

Information Security Technical Analyst – SGRC (Security Governance, Risk & Compliance)

This role sits within the Security Governance, Risk, and Compliance (SGRC) function under the Information Security organization. The SGRC team works closely with cross-functional stakeholders—including Security, Legal, Engineering, Industry Relations, Procurement, and Product teams—to ensure products can be launched globally while maintaining compliance with industry standards, regulatory requirements, partner obligations, and information security best practices.

Role Overview

As an Information Security Technical Analyst, you will support the execution of enterprise information security programs, with a primary focus on risk reduction through vulnerability management, vendor security monitoring, and the development and implementation of automated control assessments.

You will collaborate across teams to enhance and scale security risk reduction programs, enabling the organization to make informed, risk-based decisions while maintaining speed and agility.

This role is instrumental in reducing the impact and likelihood of vulnerabilities by providing expert guidance on remediation and driving continuous improvements in security processes.


Key Responsibilities

  • Manage and triage incoming vulnerability cases, including CVE notifications, cloud vulnerabilities, misconfigurations, access control issues, web application vulnerabilities, and source code risks
  • Perform technical assessments of vulnerabilities and support engineering teams with remediation strategies, including patch implementation
  • Partner with security and product teams to prioritize and remediate vulnerabilities using a risk-based approach
  • Monitor vendor advisories, zero-day vulnerabilities, and threat intelligence sources to assess potential impact
  • Drive the risk exception process by collaborating with stakeholders to evaluate and document risk-based decisions
  • Identify automation opportunities to reduce manual effort in triage, case management, and escalation workflows
  • Address root causes of recurring vulnerabilities to ensure long-term remediation and prevention
  • Track and report on vulnerability metrics such as backlog, remediation timelines, and trends to evaluate security posture
  • Maintain and update runbooks, playbooks, and operational documentation
  • Collaborate with Engineering and Compliance teams to manage penetration testing results and address compliance-related vulnerabilities (e.g., PCI)
  • Support bug bounty programs in coordination with third-party vendors and internal teams
  • Participate in ongoing risk assessments to identify, evaluate, and monitor cybersecurity risks using quantitative and qualitative methods
  • Provide subject matter expertise in security and risk across cross-functional initiatives
  • Support risk mitigation strategies and continuous improvement of the overall risk management program

Required Qualifications

  • 5+ years of experience in information security, risk management, or cybersecurity within a technology-driven environment
  • Strong understanding of cloud infrastructure (AWS, GCP, Azure), networking, and containerized environments
  • Experience working with vulnerability scanning tools and managing vulnerability lifecycle processes
  • Knowledge of common security risks, including OWASP Top 10, cloud vulnerabilities, and code security issues
  • Hands-on experience with scripting and automation for security workflows
  • Solid understanding of risk management principles, countermeasures, and compensating controls
  • Ability to work both independently and collaboratively with strong communication and interpersonal skills

Preferred Qualifications

  • Foundational knowledge of information security concepts, including threats, vulnerabilities, and risk frameworks
  • Experience leveraging AI tools and automation workflows for process optimization
  • Strong analytical and problem-solving mindset with a results-driven approach
  • Relevant certifications such as CISSP, Security+, CySA+, or GIAC