Associate Security GRC Analyst



Job Description

Job Overview

The Assoc. Security GRC Analyst will act as a key member of our GRC Information Security team and support the diverse governance, risk and compliance security-related tasks and issues for our rapidly growing company, including handling risk through a shared vision with the business leaders.


While focusing on people, practices, systems and metrics, and keeping up with the latest industry requirements, you will be tasked with addressing governance, risk and compliance efforts in support of the Manager, Information Security. As an Assoc. GRC Analyst, your main responsibility will be to team with account management, customer success managers and sales counterparts to ensure customers and prospects clearly understand iCIMS’ Information Security capabilities and practices. You will be expected to engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.


A solid technical background will be necessary to ensure that you are able to accurately convey the way iCIMS evaluates and addresses technical and security risks across our fast-changing environment. The Assoc. Security GRC Analyst will report directly to the Manager, Information Security’s Governance Risk and Compliance Team.


About Us

When you join iCIMS, you join the team helping global companies transform business and the world through the power of talent. Our customers do amazing things: design rocket ships, create vaccines, deliver consumer goods globally, overnight, with a smile. As the Talent Cloud company, we empower these organizations to attract, engage, hire, and advance the right talent. We’re passionate about helping companies build a diverse, winning workforce and about building our home team. We're dedicated to fostering an inclusive, purpose-driven, and innovative work environment where everyone belongs. 


  • Support our Account Management, Sales and Customer Success teams regarding customer and prospect security questions, assessments, and audits, including speaking to technical controls and their alternatives and appropriate risk mitigation.
  • Work closely with Manager, Information Security and the GRC team to support the coordination and facilitation of iCIMS security governance goals and initiatives
  • Support assessments related to vendor risk management and following up on associated findings
  • Provide support of regulatory, compliance and audit initiatives (e.g. ISO 27001, GDPR, SOC 2, etc.)
  • Contribute to the process of identifying, documenting and tracking information security policy related non-conformities and assist in developing and monitoring corrective action plans.
  • Assist in identifying & tracking information security risks, assessing impact, and tracking the execution of mitigation plans
  • Assist in the monitoring of business continuity (BC) and disaster recovery (DR) planning and testing
  • In conjunction with our GRC team, develop control key performance indicators to ensure compliance-related controls are operating to an acceptable tolerance level.
  • Perform periodic compliance checks across the iCIMS organization
  • Support the identification and monitoring of metrics to allow clear awareness of iCIMS governance, risk, and compliance status
  • Contribute to the annual review and update of information security related policies and processes
  • Participate in monthly/annual security awareness campaigns
  • Work with detection/prevention systems (IDS/IPS), integrity monitoring, anti-virus/anti-malware, vulnerability management, data loss prevention (DLP), advanced persistent threat (APT), and policy compliance, as needed
  • Handle sensitive and/or confidential material and information with suitable discretion


  • Bachelor’s Degree in Information Technology, Computer Science, related curriculum or equivalent experience
  • A minimum of 2-3 years of experience in information security and/or compliance related roles
  • eGRC technology experience a plus (e.g., OneTrust, ServiceNow etc.)
  • Prior experience with cloud-based security tools, technologies, and controls a plus (e.g., Amazon AWS, Azure)
  • Familiar with and able to apply generally-accepted security methods, concepts and techniques, including an understanding of networks, operating systems, cloud operations and associated technologies and services
  • Highly developed organizational skills and attention to detail including the ability to handle multiple projects and priorities simultaneously with a high degree of professionalism and client service orientation
  • Superb communication and interpersonal skills. Articulates thoughts and ideas clearly, concisely, and persuasively including the ability to communicate security and risk-related concepts across all customer groups (written and oral): Executive team, management, peers, and external customers
  • Ability to work effectively within a fast paced, changing environment that is going through high growth
  • A self-starter with the demonstrated ability to take initiative, who can proactively identify issues/opportunities and recommend actions
  • Strategic analysis/creative problem solving and business judgment are required


  • Knowledge of common Information Security governance frameworks such as ISO 27001/2, Control Objectives for Information and Related Technology (CoBIT), Information Technology Infrastructure Library (ITIL), National Institute of Standards and Technology (NIST), FedRAMP, and FFIEC is a plus
  • Bilingual French language proficiency preferred
  • Prior experience with Office365, Exchange, Sumologic, Alertlogic, AWS, Azure, Nexpose, SentinelOne and/or Atlassian products is a plus
  • CISA, CISSP or similar security/GRC focused certifications a plus

EEO Statement

iCIMS is a place where everyone belongs.  We celebrate diversity and are committed to creating an inclusive environment for all employees. Our approach helps us to build a winning team that represents a variety of backgrounds, perspectives, and abilities. So, regardless of how your diversity expresses itself, you can find a home here at iCIMS.   


We are proud to be an equal opportunity and affirmative action employer. We prohibit discrimination and harassment of any kind based on race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, gender expression, age, veteran status, genetic information, disability, or other applicable legally protected characteristics. If you would like to request an accommodation due to a disability, please contact us at   

Compensation and Benefits

Competitive health and wellness benefits include medical insurance (employee and dependent family members), personal accident and group term life insurance, bonding and parental leave,  lifestyle spending account reimbursements, wellness services offerings, sick and casual/emergency days, paid holidays, tuition reimbursement, retirals (PF - employer contribution) and gratuity. Benefits and eligibility may vary by location, role, and tenure. Learn more here: