Security Analyst

Remote

Description

We’re GoSolve – a global company specialised in transforming our customers’ vision into digital applications. We love building large-scale cloud-based digital products and have the necessary skills to make it happen. Join us and work with the top tech talents from all over the globe in a driven, proactive environment. Do you wish to join a stable product development project? You will be a perfect fit!

Just GO for it.

We are searching for a Security Analyst to perform vendor security assessments. The ideal candidate will have experience performing third-party risk assessments and working with OneTrust (Third Party Risk Management module), and will be well versed in analyzing security frameworks (SOC2, ISO, NIST, HITRUST, etc.).

Location/time zone: LatAm/US (remote)

Responsibilities:

  • Perform in-depth vendor security risk assessments, evaluating their compliance with industry standards and security controls.
  • Utilize OneTrust or equivalent tools to manage and automate vendor risk assessments.
  • Review and analyze compliance reports, including SOC 2 Type II, ISO 27001, and NIST 800-53, to identify security gaps and potential risks.
  • Assess vendors’ security measures, including data protection, encryption, access controls, incident response, and secure software development maturity capabilities.
  • Issue, track, and review vendor security questionnaires and their findings, and follow up on remediation efforts to mitigate identified risks. 
  • Interpret and apply security compliance frameworks such as SOC 2, ISO 27001, NIST 800-53, etc. 
  • Ensure vendors maintain security controls that align with the organization’s policies and regulatory obligations. 
  • Provide actionable insights based on security assessments, compliance documentation, and penetration test results.
  • Support security audits by preparing vendor risk assessment reports and remediation tracking.
  • Enhance vendor risk management workflows within OneTrust to optimize security assessments.
  • Leverage security tools for risk scoring, compliance monitoring and threat intelligence.
  • Continuously improve vendor risk assessment methodologies and strengthen security controls.

Skills & Requirements:

  • 3+ years of experience in security risk assessments, vendor security evaluations, or compliance roles.
  • Hands-on experience with OneTrust or similar GRC tools (Governance, Risk, and Compliance).
  • Knowledge of SOC 2 Type II, ISO 27001, NIST 800-53, CIS, and other security frameworks.
  • Familiarity with security best practices for cloud services (AWS, Azure, GCP).
  • Understanding of third-party risk management (TPRM) processes.
  • Experience with reviewing security policies, audit reports, and due diligence documentation.
  • Experience with security questionnaires (SIG, CAIQ) and vendor risk scoring methodologies. 

Nice to have:

  • Relevant certifications such as CISA, CISSP, CCSP, ISO 27001 Lead Auditor, or CRISC.
  • Experience with automating vendor risk processes within OneTrust, Archer, or ServiceNow.
  • Knowledge of third-party cybersecurity risk scoring tools (BitSight, SecurityScorecard, or RiskRecon).
  • Understanding of supply chain risk management (SCRM) and emerging vendor security threats.
  • Strong communication skills to collaborate with vendors, internal security teams, and key stakeholders.
  • Detail-oriented approach to analyzing compliance documentation and identifying security gaps and vulnerabilities.

Benefits:

  • Be a part of the team that works for the most influential global brands. 
  • Opportunities to create industry-defining services using the latest technologies.
  • Responsible position – leverage your knowledge beyond simple coding.
  • Advise customers on optimal solutions – we trust your expertise!
  • No rush! Work at your own pace in a quality-over-quantity environment.
  • Collaborate with highly experienced professionals.
  • Numerous opportunities for professional growth.
  • Full-time remote work from anywhere in the world…
  • …or, if you enjoy the office ambiance more, from the WeWork office.
  • Monthly budget for social benefits – tailored to your location and lifestyle.
  • 20 days of paid time off.
  • Annual training budget.

GDPR DATA PRIVACY NOTICE
In accordance with Article 13(1) and (2) of the GDPR, we inform you that:

1. The controller of your personal data is the entity indicated in the job offer.
2. We will process your personal data for the purpose of conducting the recruitment process for the position indicated in the job offer, and if you have given consent in this regard, also for the purpose of conducting future recruitment processes.
3. You have the right to: access your data and request its rectification, erasure, restriction of processing, the right to data portability, and the right to object to the processing of your data.
4. We do not engage in automated decision-making or profiling.
5. For more information on how we process your personal data, please refer to the full text of the Information Clause for Job Candidates.
