Sertifi is a self-funded, leading technology company dedicated to helping businesses finalize business faster, providing a complete agreements platform for the Hospitality and Travel industry. Brands like Marriott, Topgolf, and AEG Worldwide trust Sertifi to efficiently and securely sign documents, exchange card authorizations, and complete payments with their customers. Sertifi's easy-to-use platform helps tens of thousands of businesses in more than 135 countries, with more than $5 billion in payment requests sent through the system annually. With decades of experience in Hospitality and Travel, Sertifi is building a network that gives guests and travelers across the globe a great experience from the start.
We are currently seeking a Senior Security Analyst who can work cross-functionally, demonstrating strong stakeholder engagement and communication skills, strong analytical and problem-solving skills, and the ability to respond to challenges and setbacks in an agile and resilient manner. This role functions as a security expert in many different spaces of security, leading projects and efforts to implement or improve the existing security posture of Sertifi.
This role excels in fast-paced environments, can think like both an attacker and a defender, and contributes to proactive and preventative security measures that maintain the security of the Sertifi platform and keep our customer data safe in an evolving threat landscape.
Professional and ethical, you inspire trust and confidence through integrity and respect, and have the emotional intelligence to lead with empathy, connection, and assertiveness. Innovative and open to change, you are focused on finding opportunities for continuous improvement and ways to optimize work processes.
This position will report into our Director of IT Operations and Security.
Challenges You’ll Tackle:
- Responsible for maintaining our phishing simulation exercises from the creation of templates to the remedial training assigned and the presentation of results to senior management
- Own the continuous effort of spreading general security awareness across the organization and training developers on coding best practices through various learning modalities
- Create and maintain SOPs/runbooks across our various security tools for consistency when triaging alerts
- Maintain and fine tune our security tools to reduce the noise and eliminate false positives to optimize time spent reviewing alerts
- Create reports on key security metrics to report to company stakeholders
- Assist in monitoring, analyzing, and responding to security alerts and events to identify potential security incidents or breaches (e.g., reported phishing emails, Defender/SIEM alerts)
- Support all aspects of Information Security Data Privacy policies, standards, and processes as they relate to certification and compliance requirements
- Identify and analyze new requirements for policy impacts; develop and update policies, procedures and guidelines.
- Design and implement SOAR best practices for the business
- Remediate control gaps as noted through internal risk assessments and external audit activities
- Own the ongoing compliance, evidence collection, and all processes, including annual audits
- Perform Vendor Risk Assessments
- Be the primary point of security risk management activities, including analyzing, quantifying, and tracking identified information security risks and reviewing and documenting risk exception requests.
- Support vulnerability management and respond to vulnerability reports for applicability, while taking remedial actions.
- Provide security expertise and advice to other teams within the company
- Identify, analyze, and interpret trends or patterns in complex data sets
What You’ll Need to Succeed:
- 5+ years of experience in IT Security Ops and/or GRC (Governance Risk and Compliance) ops; 8+ years of experience in lieu of an advanced degree from an accredited 4-year college or university
- Experience with IT governance, risk, and compliance management
- Experience with PCI, SOC1/2 Type 2 Audits, and related processes
- Experience writing policies, procedures, and controls in one or more standards/frameworks
- Ability to properly handle confidential data and strictly follow business process and procedures
- Deep understanding of security and analytical concepts, incident response and incident management methodologies, and IT security tools and controls.
- Excellent report writing skills, ability to prepare reports and associated metrics
- Effective communication skills, and the ability to explain security best practices to a non-technical audience
- You are collaborative, with an enterprise mindset; you speak up and welcome all input, opinions, and questions
Nice to haves:
- Jira/Confluence Workflow management and documentation
- Security Education Experience
- SIEM Implementation Experience
- Any ISC2 / CompTIA / Cloud Security Certifications
What’s in it for you: You will work in a collaborative environment that welcomes new ideas and allows you to make an immediate impact on the team. You can also expect to have dedicated heads down time to code along with time set aside each month on Innovation Ideas. Additionally, we offer great benefits such as: Competitive salary, Unlimited PTO, medical/dental/vision insurance, short-term and long-term disability insurance, 401k with company match, paid parental leave, life insurance, pre-tax Transit Benefit Program.
Sertifi is proud to be an Equal Opportunity Employer. Sertifi is committed to building a diverse team of talented individuals who bring different perspectives to the business and who feel a sense of inclusion and belonging when they join our team. All individuals seeking employment at Sertifi are considered without regard to race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, citizenship status, or any other basis forbidden under federal, state, or local law.