Senior Information Security Analyst

Serving the People Who Serve the People

 

Granicus is driven by the excitement of building, implementing, and maintaining technology that is transforming the Govtech industry by bringing governments and its constituents together. We are on a mission to support our customers with meeting the needs of their communities and implementing our technology in ways that are equitable and inclusive. Granicus has consistently appeared on the GovTech 100 list over the past 5 years and has been recognized as the best companies to work on BuiltIn.

 

Over the last 25 years, we have served 5,500 federal, state, and local government agencies and more than 300 million citizen subscribers power an unmatched Subscriber Network that use our digital solutions to make the world a better place. With comprehensive cloud-based solutions for communications, government website design, meeting and agenda management software, records management, and digital services, Granicus empowers stronger relationships between government and residents across the U.S., U.K., Australia, New Zealand, and Canada. By simplifying interactions with residents, while disseminating critical information, Granicus brings governments closer to the people they serve—driving meaningful change for communities around the globe.

Want to know more? See more of what we do here.

We are looking for an experienced Senior Information Security Analyst to join the Information Security and Compliance team. The team manages internal and external audits, policies and procedures, control investigations to test effectiveness and identify efficiencies, and third-party risk management. We also provide support with RFPs, RFIs, other customer security questions, and customer security discussions. This role will report to the Manager of Information Security and Compliance.

 

In this role, you will lead audits, technical control investigations, and continuous development of security collateral – security answer library, audit runbooks, and other resources. You will need strong written and verbal communication, as this role will work with technical and non-technical teams, customers, and auditors. You should have experience with multiple audit frameworks, such as ISO 27001, SOC 2, PCI, or NIST 800-53 (e.g., FedRAMP, FISMA, CJIS), You should have a strong understanding of technical control implementation, as you will partner as an SME for cross-functional teams, supporting their understanding of the compliance requirements, control efficiencies, and auditability. We partner with Cloud Operations, Engineering, Corp IT and other teams to provide security guidance or recommendations, such as with vulnerability management, patching, system hardening, change control, and audit logging, alerts, & monitoring.

• Lead external compliance audits and attestations, including for FedRAMP, TxRAMP, ISO 27001, SOC 2, HIPAA, FISMA, CJIS, PCI, and Cyber Essentials. This includes internal audit preparation, evidence review and submission, coordinating audit schedules, and managing audit deliverables.
• Centralize and manage audit runbooks, including evidence runbooks. Build audit runbooks.
• Track audit findings and resolution.
• Lead audit retrospections to identify improvement opportunities, address challenges, and highlight success points.
• Identify and communicate control gaps or improvement opportunities, provide analysis of compliance requirements, evaluate remediation plans, and track through resolution.
• Build and maintain relationships with external auditors and control owners.
• Provide guidance to control owners. Work with control owners to identify opportunities to improve control implementation and scalability.
• Partner with product teams and control owners; provide guidance on compliance requirements for planned changes.
• Participate in change control review meetings to provide Security feedback and decisions.
• Manage security projects geared towards improvement of the ISMS, compliance audits, and security resources for internal stakeholders.
• Assist as security SME for support request escalations.
• Respond to customer questions, including to provide customer-facing responses and maintain a security answer library.
• Review and update security training content at least annually.
• Perform third party security reviews, including for new procurement, recurring reviews, and internal system management reviews.

Knowledge/Skills/Abilities

• Direct experience leading third party cloud security audits, such as ISO 27001, SOC 2 Type II, FedRAMP, StateRAMP, TxRAMP
• Knowledge of common security frameworks, such as NIST 800-53, ISO 27001, PCI, HIPAA, SOC 2, Cyber Essentials
• Understand nuances between different audit frameworks in order to educate and support internal control owners, prepare for audits, and manage the audit process
• Experience documenting company security policies and procedures
• Strong communication skills, written and verbal
• Program management experience for multiple compliance frameworks
• Experience working with a robust product set, including software and cloud services
• Ability to work with technical teams and non-technical teams
• Familiarity with AWS, Azure, and/or GCP cloud security and infrastructure

Experience/Credentials:

• 7+ years in information security and compliance
• Relevant security certifications are a plus, such as CISSP, CISM, CISA, CRISC, or equivalent.

Don’t have all the skills/experience mentioned above? At Granicus, we are trying to build diverse, inclusive teams. We do not have degree requirements for most of our roles. If you don’t meet every requirement above but are excited to learn more, we encourage you to apply. We might just be able to find another role that could be a perfect fit!

 

Security and Privacy Requirements

• Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program.
• Responsible for ensuring the data privacy of our employees and customers, their data, as well as taking all required privacy training in a timely manner, in accordance with company policies.

 

The Team

• We are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.

 

The Culture

• At Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to be
  a part of our journey.
• A few culture highlights include – Employee Resource Groups to encourage diverse voices
• Coffee with Mark sessions – Our employees get to interact with our CEO on very important and
  sometimes difficult issues ranging from mental health to work-life balance and current affairs.
• Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more.
• We bring in special guests from time to time to discuss issues that impact our employee
  population
  
  

The Impact

• We are proud to serve dynamic organizations around the globe that use our digital solutions to make the world a better place — quite literally. We have so many powerful success stories that illustrate how our solutions are impacting the world. See more of our impact here.

At Granicus, we offer a comprehensive and flexible benefits package designed to support your well-being, growth, and work-life balance.

Here’s what you can expect as a India-based team member:

Flexibility & Balance

• Paid Time Off– Take the time you need to rest, recharge, and live your life.
  
• Company-Wide Wellbeing Days – Paid days off to unplug and focus on your mental health.
  
• Work From Home Reimbursement – Support a productive home office environment.

Health & Wellness

• Private healthcare benefits - Comprehensive coverage for you and your family.
  
• On-Demand Mental Health Support – Access to Headspace and other wellness tools.
  
• Fitness Reimbursement & Cycle Program – Stay active, your way.
  
• Critical Illness and Life Insurance Benefits

Family & Future

• Paid Parental Leave - For both birthing and non-birthing parents.
  
• Pension plan with employer contributions

Growth & Recognition

• Online Learning Platforms – Fuel your professional development.
  
• Competitive Salary & Bonuses – Your contributions are valued and rewarded.