What are the responsibilities and job description for the Information Security Analyst / Engineer position at Foxit?
Information Security Analyst / Engineer
GRC & Customer Assurance - Mid-Level
Location: Atlanta, GA
Experience: 5 years in Information Security, GRC, or related IT discipline
Level: P18
Role Summary
Foxit is seeking a mid-level Information Security Analyst / Engineer to support the protection of company information assets while enabling business growth through strong governance, risk, compliance, and customer assurance practices.
This role will partner closely with Sales, Customer Success, Legal, IT, Engineering, and business teams to support customer security requirements, manage audit readiness, strengthen GRC processes, and help maintain Foxit’s Information Security Management System.
The ideal candidate can translate technical security controls into clear, business-friendly language and support both internal security operations and external customer assurance needs.
Key Responsibilities
Customer & Business Security Support
Respond to customer security questionnaires, RFIs, RFPs, audits, and due diligence requests
Partner with Sales, Customer Success, and Legal to address security and compliance requirements during pre-sales and post-sales cycles
Maintain a centralized library of security documentation, including policies, certifications, architecture diagrams, and standard responses
Clearly communicate security controls, risks, and compliance posture to customers and business stakeholders
Governance, Risk & Compliance
Support and improve GRC processes aligned with ISO 27001, NIST CSF, SOC 2, and other relevant frameworks
Help maintain and mature Foxit’s Information Security Management System
Conduct risk assessments and support risk treatment and remediation plans
Manage security control documentation, testing, and evidence collection
Support policy lifecycle management, including creation, review, approval, and enforcement
Coordinate with control owners across IT, Engineering, HR, Finance, Legal, and Operations
Assist with GRC tool implementation and optimization, such as Vanta, Drata, OneTrust, or ServiceNow GRC
ISO 27001 & Audit Readiness
Support ISO 27001 certification, surveillance audits, and ongoing compliance activities
Coordinate audit evidence collection, control validation, and audit responses
Work with internal teams, external auditors, and certification bodies to maintain audit readiness
Identify opportunities to improve ISMS maturity and compliance efficiency
Third-Party & Vendor Risk
Conduct security assessments of vendors, partners, and third parties
Review vendor security documentation, certifications, and risk posture
Support vendor onboarding and ongoing monitoring processes
Partner with Procurement and Legal to define and enforce security requirements in contracts
Security Operations & Engineering Support
Monitor, investigate, and support response to security events and incidents
Assist with security tooling, including SIEM, EDR, IDS/IPS, firewalls, and vulnerability management tools
Support vulnerability assessments and coordinate remediation with technical teams
Contribute to incident response planning, tabletop exercises, and playbook development
Review system architectures for security risks and compliance alignment
Support cloud, on-premises, DevSecOps, and secure SDLC initiatives
Reporting, Awareness & Documentation
Develop and maintain security policies, standards, procedures, and training materials
Track and report KPIs/KRIs related to risk, compliance, audit readiness, and security posture
Support security awareness programs across the organization
Required Qualifications
5 years of experience in Information Security, GRC, IT Risk, Security Operations, or a related discipline
Experience responding to customer security questionnaires, RFIs, RFPs, or audit requests
Working knowledge of security frameworks such as ISO 27001, NIST CSF, NIST 800-53, and SOC 2
Experience supporting audits, control testing, evidence collection, and compliance validation
Strong understanding of risk assessment, control design, vulnerability management, and incident response
Ability to translate technical security concepts into clear, business-facing communication
Strong documentation, project coordination, and stakeholder management skills
Familiarity with Windows, Microsoft 365, macOS, identity and access management, encryption, and cloud security fundamentals
Preferred Qualifications
Bachelor’s degree in Computer Science, Information Security, IT, or a related field, or equivalent practical experience
Experience with GRC platforms such as Vanta, Drata, OneTrust, or ServiceNow GRC
Direct involvement in ISO 27001 certification or surveillance audit cycles
Experience with vendor or third-party risk management programs
Familiarity with GDPR, HIPAA, PCI-DSS, NIS2, or similar regulatory frameworks
Experience with AWS, Azure, or GCP environments
Participation in incident response tabletop exercises or organization-wide security training
Preferred Certifications
CISSP, CISM, CISA, or ISO 27001 Lead Implementer / Lead Auditor
GIAC certifications such as GSEC, GCIH, GCIA, or GCSA
CompTIA Security or CySA
Cloud security certifications such as CCSP, AWS Security Specialty, or AZ-500
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.