Information Security Analyst - VRM

Engineering · Full-time · Global

Job description

Who are we?

Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines. Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008.

About the Team

The Cyber and VRM Managed Services team at Smarsh helps customers manage cyber compliance and third-party risk by utilizing Smarsh’s compliance products. We provide white glove service to our customers to reduce risk, streamline operational costs and help navigate the evolving threat and regulatory landscape.

Primary Responsibilities

  • Manage day-to-day operations for Smarsh clients, including managing and reviewing vendor security assessments, providing suggestions to establish or enhance their VRM program when needed, delivering our due diligence solution, and hosting regularly scheduled calls.
  • Utilize vulnerability testing tools, tactics, and procedures to perform analysis and identify vulnerabilities. Implement static and dynamic security testing as part of an automated application security testing process.
  • Demonstrate strong customer service skills to ensure a smooth experience for both our customers and our internal business unit partners.
  • Interact with customers via email and phone in a professional manner to guide them through our platform and best practices.
  • Perform vulnerability assessment and penetration testing for Smarsh’s customers using off-the-shelf tools.
  • Support other operational duties as assigned as part of the Smarsh VRM team.

Requirements

  • 3 to 5 years of related work experience specifically in Vendor Risk Management and/or Information Security.
  • CTPRP, CISA, CISM, CRISC or similar certifications are a must.
  • Works well under pressure with tight deadlines to deliver superior service to our current/potential clients and internal business unit stakeholders.
  • Experience reviewing security assessments for completeness and overall risk.
  • Understands best practice cybersecurity controls, processes, procedures, and policies.
  • Proactive, self-motivated, and highly professional, with outstanding customer relationship skills and ability to work unsupervised for extended periods of time.
  • Experience with security assessment tools, including Nessus, Metasploit, or Cobalt Strike is desirable.
  • Demonstrates project management and documentation skills while managing multiple parallel work streams.
  • Detail-oriented with strong interpersonal, written and verbal communication skills.
  • Ability to overcome challenging learning curves and proficiency with both Microsoft Office Suite and Google G Suite.
  • Experience with server administration, TCP/IP networking, vulnerability identification and exploitation.
