Information Security Analyst

Apex Fintech Solutions (AFS) is seeking an InfoSec GRC Analyst who will serve as a member of our InfoSec Governance, Risk & Compliance (GRC) team responsible for implementing and maintaining the risk and control self-assessment capability for all current and future Information Technology and Cybersecurity related audit readiness requirements. This is a fantastic opportunity to join the front lines of our cybersecurity defense working in the Financial Technology (FinTech) industry, learning leading practice techniques to secure our systems and data. 

Duties/Responsibilities 

• Assist in the development, implementation, and maintenance of a governance, risk, and compliance framework 

• Collaborate with internal stakeholders to identify compliance requirements and develop processes to ensure adherence 

• Prepare reports and present findings to management, highlighting areas of non-compliance and recommending corrective actions 

• Coordinate and facilitate the IT & Cybersecurity portion of all risk and compliance audits with the business units annually, and work with external audits performing the independent audits 

• Monitor changes in regulatory requirements and industry best practices and make recommendations for adjustments to policies and procedures. 

• Provide support to internal and external auditors and execute remediation plans when audit issues and concerns are raised 

• Support vendor due-diligence process, respond adeptly to client questionnaires and help to lead and define overall third-party risk management efforts 

• Support the InfoSec GRC team in implementing and maintaining the necessary control frameworks to support IT Control self-assessments across the organization 

• Support various Apex departments in their annual IT Control self-assessment in the role of an IT risk and control SME 

• Communicate and report to the InfoSec leadership team regarding control testing status, audit issues and deadlines 

• Champion transparency through the deployment of insightful operational metrics and KPIs 

• Execute User Access Reviews (UARs) to evaluate and correct user access, ensuring it aligns with job roles and the principle of least privilege 

• Leverage learning management system(s) (e.g. LinkedIn Learning) to stay current with IT and security technologies, trends, vulnerabilities, and threats to be a value-added member of the team 

• Provide a timely response to third-party and client’s security due diligence questionnaires. Ensure that security requirements are met and documented 

Education and/or Experience 

• Bachelor’s degree in computer science, Information Technology, Cybersecurity or equivalent combination of education and experience 

• 2+ years of professional experience in the information security or information risk management field 

• Experience in collaborating with engineering teams and external agencies, serving as a critical liaison or auditor 

Required Skills/Abilities 

• Demonstrated ability to think critically, proactively manage assigned tasks, handle multiple tasks concurrently and adhere to tight deadlines 

• Intermediate knowledge of the IT risk and control assessment or the IT audit process of relevant systems 

• Intermediate knowledge of IT control requirements for regulations such as Financial Statement, Sarbanes-Oxley (SOX) and Service & Organizational Controls (SOC) 

• Intermediate knowledge of IT risk and control frameworks such as NIST CSF 

• Strong presentation, communication, and writing skills with a demonstrated ability to present analysis and findings in a cohesive, understandable, and actionable format 

• Self-motivated with a strong desire to learn new skills

Work Environment

• This job operates in a Hybrid office environment

• Our flexible work arrangements support a healthy work-life balance

• We provide opportunities for growth through training and a dynamic professional development program