Security Analyst II
Lucid Software · Raleigh, NC · 3 days ago
Information TechnologyFull-time
Responsibilities
- Conduct third-party vendor risk assessments and internal risk evaluations; identify, document, and report on potential vulnerabilities and control gaps.
- Respond directly to standard vendor security questionnaires and support internal teams (i.e. Sales, Customer Success, etc.) in answering security-related questions from prospects.
- Assist in tracking and collecting evidence for ongoing SOC 2 and ISO 27001 compliance audits.
- Proactively identify emerging threats and associated risks to existing business processes and corporate assets, and collaborate with senior team members to develop practical security solutions.
- Cook up and deliver security awareness training programs to employees to foster a strong security culture.
- Assure compliance to outside regulations affecting the Company
- Collect and maintain impactful security and compliance metrics for team dashboards.
- Partner with Legal, Engineering, IT, Finance, and HR to ensure corporate security policies are understood and followed.
- Identify operational inefficiencies and areas for improvement in our existing security controls, and help design smoother workflows.
Requirements
- Bachelor’s degree in information security assurance, business management, or a related field
- 2-3 years of experience with third party risk management, GRC, customer due diligence, etc.
- Understanding of common security frameworks and principles (e.g. NIST 800-53, ISO 27001, SOC 2, etc). Strong organizational skills with the ability to manage tasks independently and meet deadlines with minimal oversight on daily routines.
- Excellent verbal and written skills; comfortable translating security concepts into clear documentation.
- Strong interpersonal skills with a track record of building positive relationships across non-technical teams (like Legal, HR, Finance) and technical teams (like IT and Engineering) to resolve security risks collaboratively.
Preferred Qualifications
- Prior experience working within a modern SaaS environment or cloud-first technology company, with a basic familiarity of how cloud applications operate.
- Prior knowledge of and skill in applying risk management principles and practices
- One or more preferred Certification(s): CRISC, CISSP, CISA, SSCP, CC, Security+, CySA+, etc.
- Basic understanding of cloud environments (AWS, GCP, or Azure).