Granicus LLC
At Granicus, our mission is to help bring government and citizens closer together.

Sr. Information Security Analyst at Granicus LLC (Remote)

Sorry, this job was removed at 11:27 a.m. (MST) on Monday, November 1, 2021

Are you looking for meaning and purpose in the work you do?

Granicus is a global (remote first) software as a service company building products for the public sector. We digitize government services for all levels of government: city, county, state and federal. We also work with the UK, Canada, Australia and EU.

Examples of our work:

  • City of Oakland, California has used Granicus solutions to enhance its transparency and citizen engagement efforts.
  • In the aftermath of Hurricane Harvey, the City of Hurst, Texas was inundated with calls and emails about how to provide donations, dollars or a helping hand, which consumed valuable staff time. They needed a "central source of truth" and an easier way to get vital information to residents before, during and after the hurricane.
  • Michigan Department of Health and Human Services (MDHHS) needed an efficient way to improve and increase foster parent recruitment in the state; the result was 400% over goal.

Click => Success Stories to learn more about the impactful work we've done in communities across the country and world.

Some quick highlights about us:

  • #1 GovTech company
  • 22B messages sent annually (22B is not a typo)
  • 280M subscribers
  • 900+ global employees (300+ on the product team)
  • Remote-first company; this is not temporary. Should you be seeking an in-person or hybrid situation and live near one of our hubs, we can accommodate you.

Click => Careers to learn more about working at Granicus.

About this role:

  • Hiring Manager: Mike Sangillo - Information Security Program Manager - LinkedIn Profile
  • Salary Range: $90,000 - $120,000 +bonus (starting salary may differ by experience and/or location)
  • Interview process: 5-6 steps that can be done in 2 weeks (calendars permitting)

Note: the following is a profile or persona of who we are looking for. If you have many of the characteristics below, please apply so we can start a conversation; we want to learn more about all your skills.

The Sr. Information Security Analyst is part of the Granicus Security team, with primary responsibility for maintaining security documentation and supporting internal and external security assessments of Granicus cloud systems and products to ensure cohesive awareness of risk and risk reduction capabilities. The analyst owns delivery of assigned security compliance projects in support of ongoing compliance programs and assists the team with other security and/or privacy compliance projects as assigned. Services should be performed in accordance with professional and department standards. Responsibilities include assessing the current adequacy of security strategy and controls for assigned systems, calculating the impact of potential adverse events, and facilitating risk mitigation planning and review sessions. This role assists with internal and third-party risk assessments.

What You'll Do:

  • Support security risk management framework for assigned Granicus applications using technical, writing, and auditing skills.
  • Two primary functions are as follows:
    • Maintain existing and new information security and privacy policies, plans, and procedures within the framework of assigned compliance programs, including System Security Plans (SSP) and related security documentation for internal systems
    • Prepare for, participate in, and support security certification and NIST 800-53 based compliance audits (FISMA, FedRAMP, 800-171, CMMC, etc.) and ISO 27001 compliance audits: internal, externally contracted, or both as assigned
  • Work with engineering, product development, and key stakeholders to clearly assess compliance to selected/assigned security and privacy controls, and identify and define remediation steps to address vulnerabilities
  • Lead, conduct, and/or assist with internal NIST SP 800-53A and ISO 27001 assessments on internal systems, if/when required, through personnel interviews and documentation review, to determine compliance with policies and procedures, recommend corrective actions, and prepare findings reports
  • Gather or coordinate the collection of necessary evidence
  • Maintain POA&Ms and track associated mitigation for assigned products
  • Assist in the facilitation of GRC systems to improve documentation maintenance and documentation reuse.
  • Track compliance matrices across all supported security and privacy frameworks
  • Assist with the review and processing of monthly vulnerability scan results for assigned systems and work with the technical teams to ensure vulnerabilities are resolved on time
  • Track SLAs on audit and continuous monitoring findings
  • Manage 3rd-party assessments and penetration testing as assigned
  • Self-manage assigned projects; report status and performance metrics, issues, and recommendations for success

Who You Are:

  • You have at least 5 years working with information security governance, compliance, or auditing, with at least 3 years as a lead assessor and at least 2 years of direct or related experience assessing information systems following NIST Special Publications, e.g. NIST 800-37, 800-53, 800-137, etc.
  • You have strong knowledge of a variety of IT technologies, architecture, concepts, best practices, and procedures, as well as information security principles, standards, tools, and methodologies
  • You have experience with assessing commercial cloud environments
  • You have a strong "accountant-like" mindset and attention to detail, ability to interface with all levels of personnel (system administrators, ISSO, developers, etc.)
  • You have proven problem-solving and analytical ability, with the capacity to prioritize key issues from large amounts of input
  • You can effectively handle ambiguous, dynamic tasks while being able to adjust focus in response to events and circumstances
  • You have at least 5 years' experience with writing/defining/clarifying requirements for technical teams, including authoring deliverables such as System Security Plan (SSP), Contingency Plans, Incident Response Plans, Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Business/Security Impact Analysis (BIA/SIA).
  • You can communicate clearly in small groups
  • You are results oriented with the ability to self-manage and work independently 
  • You have excellent organizational, planning, and time management skills
  • You are effective in Microsoft Word, Excel, and PowerPoint

Desired Characteristics:

  • You have at least one of the following certifications: Security+, CAP, CISA, CISM, CISSP
  • You understand and prioritize work according to time and resource constraints
  • You are comfortable with presenting work to small audiences (10-20 people)
  • You can operate effectively independently and in teams, making progress on tasks while dealing with potential process and project ambiguity
  • You have a strong desire to work in the Information Security and privacy field
  • You understand risk management concepts
  • You are flexible and able to function in a fast-paced and dynamic environment
  • You can work within and coordinate with other agile-based teams
  • Experience with JIRA and Confluence is strongly desired
  • You have a working knowledge of, and ability to submit, non-complex database queries
  • You have FedRAMP experience

Where we are

1999 Broadway is located in between Denver’s Downtown and Uptown neighborhoods. Granicus occupies the 36th and 37th floors of the building.

Technology we use

  • Languages: C#, Java, JavaScript, PHP, Python, Ruby, SQL
  • Libraries: React
  • Frameworks: Ruby on Rails
  • Databases: Oracle, PostgreSQL
  • CRM: Salesforce

What are Granicus LLC Perks + Benefits

Granicus LLC Benefits Overview

Flexible Time Off
Medical (includes an option that is paid 100% by Granicus!), Dental & Vision Insurance
401(k) plan with matching contribution
Tuition & Training Reimbursement
Paid Parental Leave
Employer paid Short and Long Term Disability Insurance, Group Term Life Insurance and AD&D Insurance
Group legal coverage
Transit and/or parking supplement for office based employees
Free snacks and drinks in our offices
And more!

Culture

  • Volunteer in local community: Granicus has a dedicated impact team called Givicus that organizes different volunteer opportunities for our teams. We recently completed a book drive, food drive and a day at Habitat for Humanity.
  • Partners with Nonprofits: Granicus partners with Habitat for Humanity, DayMaker, and Hour of Code to help the communities that we serve.
  • Eat lunch together
  • Intracompany committees: Granicus has various impact teams for fun activities, volunteering and uniting the 3 main offices!
  • Daily sync
  • Open door policy
  • Group brainstorming sessions
  • Open office floor plan

Diversity

  • Unconscious bias training
  • Diversity manifesto
  • Diversity Employee Resource Groups: Women at Granicus ERG, Black Leadership Group, Givicus is our philanthropy based community service group.
  • Hiring Practices that Promote Diversity: Unconscious Bias training is mandatory for all hiring managers. Extensive interview training for all interview panel members.

Health Insurance & Wellness Benefits

  • Flexible Spending Account (FSA)
  • Disability Insurance
  • Dental Benefits
  • Vision Benefits
  • Health Insurance Benefits
  • Life Insurance
  • Pet Insurance
  • Wellness Programs
  • Onsite Gym
  • Team workouts
  • Mental Health Benefits

Retirement & Stock Options Benefits

  • 401(K)
  • 401(K) Matching
  • Performance Bonus
  • Match charitable contributions

Child Care & Parental Leave Benefits

  • Generous Parental Leave
  • Flexible Work Schedule
  • Remote Work Program: Granicus has a remote-first policy. If you are located near one of our office locations, you are welcome to go in, but it will never be required.
  • Family Medical Leave
  • Company sponsored family events

Vacation & Time Off Benefits

  • Unlimited Vacation Policy
  • Paid Volunteer Time
  • Paid Holidays
  • Paid Sick Days: Employees receive 40 hours per year of paid sick leave.

Perks & Discounts

  • Beer on Tap
  • Casual Dress
  • Commuter Benefits
  • Game Room
  • Stocked Kitchen
  • Some Meals Provided
  • Parking
  • Fitness Subsidies: Up to $250 per year fitness allowance.
  • Home Office Stipend for Remote Employees

Professional Development Benefits

  • Tuition Reimbursement
  • Cross functional training encouraged
  • Promote from within
  • Online course subscriptions available
  • Paid industry certifications

Additional Perks + Benefits

Access to LinkedIn Learning, Treehouse and Safari Books.
