• Senior Security GRC Analyst

    Location: US-NY-New York
    Technology and Infrastructure
    Information Security
  • Job Overview:

    Do you have a strong understanding of Information Security operations and technologies? Have you built lasting relationships with business owners and vendors? We’re looking for a creative problem-solver and a self-starter with a flair for project management to join our Information Security team as a Security GRC Analyst III. You’ll work closely with our Director of Information Security to manage diverse governance, risk and compliance security-related tasks and issues for our rapidly growing company, with a focus on people, practices, systems and metrics. You’ll be asked to keep up with the latest industry requirements and will assist in the identification of security risks and the associated execution of remediation and corrective action plans, ensuring we are following up on the steps previously agreed upon with the business. Additionally, you’ll conduct regular vendor reviews and ensure compliance with iCIMS policy, as well as provide ISO 27001 audit and sales support. If you’re a highly organized, detail-oriented expert communicator with eGRC technology experience, let’s chat!

    About Us:

    iCIMS extends a work culture unlike any other East Coast-based technology provider. We focus on hiring candidates who display our seven core competencies—passion, drive, transparency, adaptability, empathy, kaizen, and customer commitment. If you eat, sleep, and breathe our competencies and desire to work in a casual yet results-driven environment that embraces innovation—then you’re just what we’re looking for!


    iCIMS is a high-growth Software-as-a-Service (SaaS) company that’s voted one of the Best Places to Work in New Jersey. We are the industry's premier recruitment software provider – delivering technology that supports approximately 4,000 contracted customers around the globe. Committed to both growth and stability, we have a lot of opportunities for career advancement within our organization. Come grow with us.


    • Work closely with Manager, Information Security in the coordination and facilitation of iCIMS security governance goals and initiatives
    • Support our Sales teams regarding prospect and customer security questions, assessments, and audits, including speaking to technical controls and their alternatives and appropriate risk mitigation.
    • Conduct vendor risk management assessments and follow up on associated findings.
    • Provide support and act as key stakeholder of regulatory and compliance initiatives (e.g. ISO 27001, SOC2, GDPR, FedRAMP, etc.). Participate in associated audits as a primary lead, as necessary.
    • Identify, document, and track information security policy related non-conformities and assist in developing and monitoring corrective action plans.
    • Assist in identifying & tracking information security risks, assessing impact, and tracking the execution of mitigation plans.
    • Assist in tracking information security risk acceptances and exceptions and monitoring the execution of remediation plans.
    • Track and ensure adequate and timely resolution to all audit and risk assessment findings/issues relating to information security.
    • Assist in the monitoring of business continuity (BC) and disaster recovery (DR) planning and testing.
    • In conjunction with our Security Analyst team, develop control key performance indicators (KPIs) to ensure compliance-related controls are operating within an acceptable tolerance level.
    • Perform periodic compliance checks across the iCIMS organization.
    • Develop and define associated metrics to allow clear visibility into iCIMS governance, risk, and compliance status.
    • Work with the Manager, Information Security on coordination and execution of integration plans for iCIMS acquisitions.
    • Moderate the annual review and update of information security related policies and processes.
    • Participate in and manage annual security awareness campaigns.
    • Work with intrusion detection/prevention systems (IDS/IPS), integrity monitoring, anti-virus/anti-malware, vulnerability management, data loss prevention (DLP), advanced persistent threat (APT) defenses, and policy compliance tooling, as needed.
    • Evaluate and recommend GRC related technologies and solutions for future implementation.
    • Handle sensitive and/or confidential material and information with suitable discretion.


    • Bachelor’s Degree in Information Technology, Computer Science, related curriculum or equivalent experience.
    • A minimum of 5 years of experience in information security risk and/or compliance roles.
    • eGRC technology experience preferred (e.g., Archer, Rsam, etc.).
    • Prior experience with cloud-based security tools, technologies, and controls a plus (e.g., Amazon AWS, Azure).
    • Prior experience assessing, identifying and managing risk.
    • Familiar with and able to apply generally accepted security methods, concepts and techniques, including an understanding of networks, operating systems, cloud operations and associated technologies and services.
    • Highly developed organizational skills and attention to detail, including the ability to handle multiple projects and priorities simultaneously with a high degree of professionalism and client service orientation.
    • Excellent communication and interpersonal skills. Articulates thoughts and ideas clearly, concisely, and persuasively, including the ability to communicate security and risk-related concepts across all stakeholder groups (written and oral):
      • Executive team, management, peers, and external customers
    • Ability to work effectively within a fast-paced, changing environment that is going through high growth.
    • A self-starter with the demonstrated ability to take initiative, who can proactively identify issues/opportunities and recommend actions.
    • Strategic analysis, creative problem solving and business judgment are required.
    • Knowledge of common information security governance frameworks such as ISO 27001/27002, Service Organization Control (SOC 2), Control Objectives for Information and Related Technology (COBIT), Information Technology Infrastructure Library (ITIL), National Institute of Standards and Technology (NIST), FedRAMP, and FFIEC preferred.
    • Prior experience with Office 365, Exchange, Sumo Logic, Alert Logic, AWS, Azure, Nexpose, AppSpider, SentinelOne, Atlassian products, or WhiteHat a plus.
    • CISA, CISSP or similar security/GRC focused certifications a plus.

    EEO Statement:

    iCIMS is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, protected veteran status, disability status or any other characteristic protected by law.

