Information Security Analyst

115k – 125k · New York, NY · Hybrid · 2+ YOE
Summary

Performs governance, risk, and compliance activities including risk assessments for SaaS apps, vulnerability monitoring, third-party due diligence, and audit support in a financial services security team. Requires 2+ years in tech ops, audit, or GRC with knowledge of security principles and cloud controls.

About the role

A Day in the Life

  • Operate assigned risk management processes such as vulnerability monitoring, due diligence questionnaire completion, and audit or examination evidence gathering. A number of AI and automation tools will be available to help increase efficiency and scale in this work over time. The role will have some flexibility for specialization among the team.
  • Perform application-level risk assessments by interviewing and documenting the key business processes and risks related to an application, and providing guidance regarding strong logical access controls to reduce risk. When appropriate, document issues and foster management attention related to remediation for control deficiencies.
  • Perform due diligence or ongoing monitoring activities to evaluate security risks introduced through third-party relationships or applications or tools used by employees.
  • Contribute to security awareness training or phishing simulation activities for training of employees and contractors.
  • Gather data and ensure management attention towards key risk indicator (KRI) metrics for security.
  • Monitor assigned issues through regular follow-up and reporting to ensure management attention and timely remediation.

What We’re Looking For

We are seeking a team member with 2+ years of experience in technology operations, technology audit, or GRC. They will be a significant contributor to the security program.

The following skills/competencies are required:

  • You’ve operated security controls in an IT operations role, or served as a Staff or Senior-level auditor (in public accounting or internal audit), or previously worked in a security role successfully.
  • You have knowledge and familiarity with the principles of security risk management, including the CIA triad, design and operation of controls, and one or more control governance frameworks.
  • You have familiarity with security controls applicable to cloud computing and third-party SaaS applications, including logical access management processes, third-party due diligence and monitoring, and more.
  • You have experience learning new skills, including through research and the use of AI and automation.

New York City: $115,000-$125,000

This job may also be eligible for variable compensation in the form of a company incentive bonus.

Skills
GRC, Risk Assessment, Vulnerability Management, SaaS Security, Logical Access Controls, Cloud Security, Third-Party Risk Management, CIA Triad, Security Awareness Training, AI Tools, Automation, KRIs, Audit Evidence Gathering