About Supplier.io

Supplier.io is the leading data and SaaS provider to manage, optimize, and scale companies’ ESG and Supplier Diversity initiatives. Powered by unparalleled data intelligence, we connect companies with more sustainable and diverse suppliers so they can spend smarter and do business better. Working as a trusted advisor to procurement, Supplier.io's mission is to support every program by providing innovative and superior end-to-end ESG and supplier diversity sourcing solutions.

We are the pioneer and leading provider of data driven innovation and responsible sourcing solutions. Our mission is to help organizations track and grow business with diverse, small, social, and environmental suppliers to decrease supply chain risk, meet reporting requirements, make progress toward Environmental, Social and Governance (ESG) goals, and create positive economic and environmental impact. Come join a company with a great mission, culture, and innovative technology to make significant economic and environmental impact. 

For more information, visit www.supplier.io.

The Opportunity

We're seeking a motivated team player to join our Global Security and Compliance team and contribute to our fast-growing organization. As a Security Analyst, you'll play a key role in scaling our security operations. Responsibilities include hands-on experience in risk and compliance, managing security tools, and conducting internal/external audits and vulnerability tests. The ideal candidate should have a strong grasp of risk management, data privacy frameworks, cloud computing, and security processes. If you're a curious and investigative professional, ready to work with some of the world's largest companies, apply now!

What You Will Do 

• Provide consultation, guidance, and requirements to development, systems, network, and infrastructure teams, aligning with enterprise risk and security strategy and policies.
• Identify and address risks and deficiencies
• Prepare and present remediation reports and recommendations to mitigate data protection and information security risks for system owners and business units.
• Develop and upkeep of data protection and information security policies
• Stay apprised on current threats and attack vectors

• Coordinate internal and external security testing
• Coordinate internal and external security and compliance audits
• Generate and maintain comprehensive technical documentation, including runbooks, environment and application diagrams, data flow maps, and security documentation.
• Take ownership of project scope, objectives, and timelines.
• Demonstrate proficiency in security frameworks (SOC2, NIST, ISO, CIS) and compliance regulations (i.e. GDPR, CCPA).
• Conduct Data Protection reviews and implement Data Protection and Data Governance solutions throughout the data lifecycle.
• Support application security risk or compliance remediation efforts and communication.
• Foster partnerships to facilitate participation in corrective action plans for identified issues.
• Contribute to the continued development and scalability of the security awareness program.

What You’ll Need to Succeed: 

• Proficiency with security frameworks (SOC2, NIST, ISO, CIS) and compliance regulations (GDPR, CCPA).
• Experience implementing risk management initiatives
• Knowledge of typical application and cloud architectures
• Experience implementing monitoring and testing of security and data privacy plans and policies
• Familiarity with industry standard application security, vulnerability scanning, and GRC tools
• Working knowledge of OWASP and SANS Guidelines (XSS, SQL Injection, etc.) for application security
• Understanding of infrastructure technologies including firewalls, IDS/IPS solutions, WAF, SIEM, servers, load balancers, anti-malware (EDR/XDR)

Other Beneficial Knowledge

• Knowledge of AWS / Azure / GCP security practices
• Experience implementing IPS/IDS, WAF, and/or SIEM
• Experience with Web Application vulnerability testing
• Familiarity with penetration testing methodologies and tools
• Knowledge of software development lifecycle processes, integration of security assessments in System Development Life Cycle (SDLC) process, and secure coding practices
• Network / System Administration experience / background
• Security Certifications (i.e., CISSP, CISA, CSSLP, CEH, DCSP, SSCP)