Senior Information Security Analyst / GRC & Security Operations Lead

Brief DescriptionExperience 6–10 years in Information Security, GRC, or Security Operations Role Overview We are looking for a Senior Information Security Analyst who can operate across Governance, Risk & Compliance (GRC) and hands-on security operations. This role is ideal for a professional who understands both sides of security:

How to design, assess, and audit controls (ISO, risk, vendors, IAM)

How to implement and operate security tools (vulnerability management, endpoint, cloud, and application security)

You will play a key role in protecting the organization, ensuring regulatory readiness, reducing attack surface, and enabling secure business growth. Key Responsibilities

1. Governance, Risk & Compliance (GRC)

Lead internal security audits aligned to ISO 27001:2013 and related frameworks

Own and maintain security policies, procedures, and control documentation

Conduct risk assessments, document findings, and track remediation plans

Support external audits and customer security assessments

Drive continuous improvement of the ISMS

2. Third-Party Risk Management (TPRM)

Manage the vendor security assessment lifecycle

Review vendor security questionnaires, evidence, and risk posture

Classify vendors by risk and recommend remediation or acceptance

Work closely with procurement, legal, and business teams on vendor approvals

3. Vulnerability Assessment & Management

Own the vulnerability management program end-to-end

Perform and coordinate scans using tools such as:

Rapid7

Qualys

Tenable

Orca Security (Cloud Security)

Track vulnerabilities, risk scores, remediation SLAs, and closure

Provide actionable risk-based reporting to stakeholders

4. Application & Product Security

Oversee SAST and DAST processes using tools like Checkmarx

Partner with engineering teams to:

Triage findings

Prioritize fixes

Improve secure coding practices

Embed security into SDLC and CI/CD workflows

5. Endpoint & Infrastructure Security

Manage and optimize endpoint protection solutions such as:

McAfee ePO

VirusScan Enterprise

Host Intrusion Prevention (HIPS)

Drive Encryption

Cylance EDR

Support infrastructure and cloud security posture improvement

Assist with incident investigations and root cause analysis when required

6. Identity & Access Management (IAM)

Audit and review access controls, privileged access, and user lifecycle processes

Ensure least privilege, joiner–mover–leaver controls, and periodic access reviews

Support IAM governance and compliance requirements

7. Process, Tools & Collaboration

Work within ITIL / ITSM and Agile environments

Use tools like ServiceNow and Jira for:

Vulnerability tracking

Risk remediation

Audit evidence management

Collaborate closely with engineering, IT, compliance, and leadership teamsPreferred SkillsRequired Skills & Experience Core Security Skills

Strong experience in GRC, Risk Assessment, and Compliance

Hands-on experience with Vulnerability Management

Working knowledge of ISO 27001, security controls, and audits

Experience with TPRM / Vendor Risk Management

Solid understanding of IAM and access governance

Technical Security Tools (Hands-on)

Vulnerability scanning: Rapid7, Qualys, Tenable

Cloud security: Orca Security (or similar CSPM tools)

AppSec: SAST / DAST (Checkmarx preferred)

Endpoint security: McAfee, Cylance EDR

Ticketing & workflows: ServiceNow, Jira

Certifications (Preferred)

ISO 27001 Lead Auditor

(ISC)² Certified in Cybersecurity (or candidate)

ITIL v3 / ITSM

Any additional security or cloud certifications are a plus

How to Apply   Send your resume, GitHub/LinkedIn profile, and a short note about your interest to: jobs@devicedriven.com