Security Analyst (Compliance)
Who we are...
Connecting people in a more meaningful way is not just what BombBomb’s software delivers - it’s what drives our teams every day. Through simple, personal video, we aim to Rehumanize communication. Our team is resourceful and intelligent. Competitive and collaborative. Fun-loving and tenacious. We’re close-knit and love adding new talent to the mix. If you are seeking a dynamic workplace and new challenges, we want to hear from you!
Who we're looking for...
As a Security Analyst, you will ensure the secure operation of the in-house computer systems, servers, and network connections in accordance with our internal processes, procedures, and compliance requirements. The tasks also include conducting regularly scheduled audits on internal systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. The other main focus areas will be deploying, managing, and maintaining security audit systems and their corresponding or associated software.
You will develop, implement, maintain, and oversee enforcement of internal security policies and procedures. You also plan and implement system security administration and user system access based on industry-standard best practices and compliance requirements.
The Security Analyst is a critical role at BombBomb, as you are a leader in designing, assessing, and improving BombBomb’s security posture. As for compliance, you are expected to speak with customers as a security representative of BombBomb regarding the customer’s due diligence process during sales calls. You will also participate in the completion of due diligence questionnaires.
Arguably your most important role is to ensure all systems and processes are aligned with BombBomb’s current SOC2 Type 2 compliance requirements - you will operate as the point-of-contact during the annual SOC2 audit.
What you will do...
- Delivery of and reporting on the status of all IT audit recommendations
- Perform customer third-party due diligence reviews
- Read contractual documents and agreements
- Provide organizational guidance during SOC2 Type 2 auditing
- Maintain BombBomb’s security and compliance strategy
- Assist with the development of control frameworks to meet business and regulatory requirements
- Assist in developing security and compliance strategy
- Provide technical security consulting support to address complex business and technology projects and requests.
- Contribute to strategic planning to evaluate, deploy or update security technologies.
- Analyze and implements security solutions to meet customer requirements.
- Conduct risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems.
- Promote cross-department collaboration and communication to ensure appropriate processes, procedures and tools are installed, monitored, and effectively operating and alerting
- Assist sales as security liaison with potential clients
- Maintain technical documentation
How you'll do it...
Embody BombBomb’s core values: Relationships, Fun, Humility, Flexibility and Service
- Thoroughness / Detail-oriented - Be thorough in cataloguing and keeping track of all our network, hardware and software assets and keeping them up to date with the latest security fixes. Know the security policies well enough to know when you see something isn’t implemented well from a security standpoint.
- Flexibility - Willing to learn new things, ability to quickly shift between duties and work on many different tasks during the course of the day. Ability to deal with unexpected situations or changes in plan. Ability to be self-reliant without constant supervision
- Humility and Empathy - This is an internal service-oriented role, and will be supporting many different people in the organization. Having a humble attitude and open mindedness is important to understanding people’s needs.
- Communication - Be a good communicator and build relationships with the people you will be assisting in the office. Good written and verbal communications skills when assisting employees. Communicate clearly with vendors to procure software and hardware, and ability to negotiate better pricing when possible.
- Love for Computers and Technology - Is excited to learn about new hardware and software technologies and proficient in troubleshooting related issues.
- Teamwork - Reaches out to peers and cooperates with supervisors to establish an overall collaborative working relationship.
Our ideal candidate will be or have...
- 3-5 yrs experience in a security and / or compliance role.
- Degrees in CS or Information Systems preferred, or equivalent experience
- Security experience within a large AWS environment
- Experience with Splunk is a plus
- Immaculate attention to detail
- Strong interpersonal skills
- Impeccable organizational skills
- Your unique strengths - if you don't match everything we're looking for, tell us why you'd be a great fit in your cover letter.
Compensation:
The salary range for this position is $75,000 - $105,000 annually. Final compensation for this role is determined by a variety of factors, such as a candidate's relevant work experience, skills, certifications, and geographic location.
Work location expectations:
The Security Analyst can work fully remote, but also has the option to come into our office in Colorado Springs.
BombBomb Benefits Package Includes...
- Excellent Medical, Dental and Vision Benefits for you and your family (2 of these plans BombBomb covers 100% for the Employee)
- Flexible Paid Time Off program
- 8 paid holidays
- 401k Plan with employer match
- Mental Health Days - First Friday of every month off
- Monthly Internet stipend
- New Hire Home Office set-up bonus
- Annual Education / Development for your career growth