Information Security Risk & Compliance Analyst supporting the maintenance of ISO 27001 standards. Contributing to risk assessments and compliance across AAB’s Business Protection Team.
About the role
- Security Engineer supporting cybersecurity initiatives at ButcherBox. Collaborating with engineering leadership and cross-functional teams to enhance security operations in cloud infrastructure.
Responsibilities
- Remediation of Security Vulnerabilities - Investigate and resolve issues such as missing access controls, outdated libraries, weak session management, and exposed configuration files—based on findings from internal audits and external penetration tests
- Security Alert Management - Monitor and resolve Critical and High alerts from Azure Security Advisor and Microsoft Cloud Defender, ensuring timely threat mitigation.
- Penetration Test Remediation - Drive resolution of findings from Cobalt penetration tests, coordinating with stakeholders to close security gaps.
- Policy Development & Implementation - Collaborate on updating and enforcing security policies, such as VPN usage, password standards, and session timeout configurations.
- Secure Architecture Consultation - Investigate and recommend secure solutions for data access, including support for POCs, test automation, and other ad hoc requests.
- Security Awareness & Advocacy - Promote security best practices across the organization through documentation, training, and internal communications.
- AI Security - Understand and help improve AI-related security within our Azure subscription, including data protection and model integrity.
Requirements
- Strong understanding of security frameworks and compliance standards.
- Excellent communication and collaboration skills.
- Azure security expert
- Self-starter with minimal supervision: able to prioritize tasks, manage time effectively, and drive initiatives to completion without constant oversight.
- Proven cross-team collaboration: willingness and ability to work across multiple teams (development, operations, risk, compliance, and product) to achieve security goals.
- Prior experience with security testing: familiarity with interpreting Pentest findings, working with remediation owners, and validating remediation effectiveness.
- Prior experience using the Cobalt security platform and website
- Prior experience securing Azure Kubernetes
- Prior experience securing API Endpoints
- Prior experience securing Azure storage accounts and key vaults
- Expert level knowledge of Microsoft Cloud Defender
- Experience in Jira Service Management
Benefits
- Equal opportunity employer
- Variety of products offered
- Reasonable accommodations during hiring process
Job title
Job type
Experience level
Salary
Degree requirement
No Education Requirement
Tech skills
Location requirements
Information Security Risk & Compliance Analyst at AAB managing compliance with ISO 27001, supporting enterprise risk assessments and enhancing information security systems.
Information Security Risk & Compliance Analyst at AAB focusing on ISO 27001 compliance and information security management. Collaborating across teams to ensure robust risk and compliance frameworks.
Security Principal at Optiv designing AI security solutions for clients, leveraging advanced security services and technologies. Driving pipeline generation and maintaining strong client relationships as a trusted advisor.
Cloud Security Architect supporting federal customer projects focused on architecture and security solutions. Conducting risk assessments and defining security requirements within a cloud environment.
Information Security Specialist responsible for enhancing cybersecurity posture through incident management and compliance. Collaborating with cross - functional teams to monitor threats and implement security measures.
Senior Lead Info Security Architect leading and collaborating on cybersecurity solutions at TIAA. Responsible for secure design and implementation of cloud security strategies and practices.
Part Time Security Officer providing protection for Collector's personnel and assets at trade shows across North America while reporting to Security Shows & Transportation Manager.
Enterprise Security Architect at PBCN GmbH designing and implementing security architectures. Collaborating with teams to ensure application security and conducting risk assessments.
IT & Security Manager at Medenterprises managing technology and cybersecurity for healthcare professionals in Australia and New Zealand. Leading strategic initiatives and infrastructure to enhance security posture.