Job Title: Information Security Analyst - GRC
Summary:
We are seeking a highly motivated and detail-oriented Information Security Analyst - GRC to join our growing team. This role is critical in ensuring the confidentiality, integrity, and availability of our information assets. The ideal candidate will have a strong understanding of security frameworks, risk management principles, and compliance requirements. This position will focus on Governance, Risk, and Compliance activities, including vendor risk management, policy management, security reviews, and internal audits.
Responsibilities:
- Manage and perform third-party risk assessments and annual security reviews for existing and new vendors. Develop and maintain a comprehensive vendor risk matrix, incorporating all current and future vendors.
- Schedule and facilitate annual compliance tasks, such as the tabletop Disaster Recovery exercise, policy reviews, and internal audits.
- Conduct internal security audits and perform gap analyses to identify vulnerabilities and areas for improvement.
- Manage the lifecycle of security policies, including development, updates, approvals, and communication. Ensure policy acceptance and training completion through effective communication and tracking.
- Schedule and conduct quarterly access reviews to ensure appropriate system access privileges.
- Monitor and improve system security alerts from various platforms and escalate incidents to the appropriate teams for investigation and remediation.
- Improve and maintain security documentation for our Trust Center, ensuring accuracy and completeness.
- Assist with the completion of security-related sections of Request for Proposal (RFP) questionnaires and customer security questionnaires.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field preferred.
- 2+ years of experience in Information Security, with a focus on GRC activities.
- Strong understanding of security frameworks (e.g., NIST, ISO 27001, SOC 2) and regulatory requirements (e.g., GDPR, CPPA, HIPAA).
- Experience with vendor risk management methodologies and tools.
- Experience with policy development and management.
- Familiarity with security monitoring tools and incident response processes.
- Excellent communication, interpersonal, and organizational skills.
- Ability to work independently and as part of a team.
- Relevant certifications (e.g., CompTIA Security+, CISA, CISSP) are a plus.
Working at Relyance AI
At Relyance AI, we create an unreasonably hospitable and data-driven culture. We prioritize exceeding customer, and each other’s, expectations in every interaction. This means empowered team members solving problems proactively based on information, crafting personalized experiences, and radiating enthusiasm. Behind the scenes, trust and freedom allow team members to find creative solutions, while shared purpose and recognition fuel a spirit of greatness to truly wow customers and each other. We deconstruct failures to learn from them and take great pride in our successes, celebrating both.
Relyance AI is proud to be an equal-opportunity employer. We celebrate representation and are committed to creating an inclusive environment for all employees. We are committed to fair and equitable compensation practices. We use data-driven pay practices with the goal of ensuring offerings are competitive to the market and our team members are being compensated correctly based on their roles, experience, and location.