Togetherwork- IT Security Risk & Compliance - (Remote Based)

Togetherwork is a family of entrepreneurial businesses providing online dashboard solutions (SaaS) to groups and organizations for management, administration, and payments. Its purpose is to help these businesses grow, become more efficient, increase revenue, and provide excellent service to their members and constituents.

Togetherwork’s business lines provide software and payment solutions to a range of groups, including associations, fraternal organizations, museums, nature centers, pet services, universities, and zoos.

At Togetherwork, we are building the leader in Group Management Software and Payments by bringing together companies that connect people with the institutions most important to them. Our group of innovative companies are best-in-class in their respective verticals with strong management teams and commitment to customer service. When you start here, you will find yourself in an environment that is exciting, motivating, challenging, and fun. 

As an IT Security Risk and Compliance Analyst at Togetherwork, you will assist our growing Information Security team to further develop and manage our IT Risk and Compliance program. We’re looking for a self-driven, motivated person who understands the risks, regulations, frameworks and business practices that are part of running a technology based business. You will use this knowledge to help Togetherwork continue developing and implementing an effective, compliant, secure, and business-driven Information Security program.

You will serve as a partner to our business and technical teams, helping identify, manage, and mitigate risks. You will develop appropriate and necessary processes and controls to ensure Togetherwork meets all applicable security and compliance related requirements and help execute/manage internal certification processes (such as PCI, SOC, CCPA, GDPR, etc.) across the company.

You will also be responsible for supporting any internal or external audits, performing vendor due diligence, responding to security assessments, and performing additional security related tasks as required.

This position will involve technical work. As the security program continues to grow, technical tasks of managing tools, implementing technical controls, and performing technical analysis will be required.

Essential Duties and Responsibilities:

• Work directly with our Security, IT, Product, and Engineering teams to continue building and growing an Information Security risk and compliance practice at Togetherwork 
• Assist with the implementation, upkeep, maintenance and support of an IT Risk and Compliance program, including technical management of tooling and software to track, manage, and report on risk and compliance activities to key stakeholders. 
• Provide subject matter expertise (SME), understanding Togetherwork's business model, and creating necessary procedures and controls to keep products up to date in compliance. 
• Maintain a deep understanding of the latest risk and compliance landscape, implementing new controls, best practices, and process as needed. 
• Serve as an internal IT auditor to Togetherwork, understanding our controls and ensuring they are operating effectively 
• Serve as the point person for any internal or external audits, customer assessments, etc. 
• Act as a subject matter expert (SME) for internal and external vulnerability assessments. Interpreting, prioritizing, and communicating vulnerability management task to product and engineering teams as necessary in order to maintain compliance standards. 

Requirements: 

• Bachelor's degree in a relevant field.
• 3+ years’ experience in Information Security, Risk, and/or Compliance.
• Deep understanding in all aspects of risk management, data compliance, and information security technologies and tools.
• Strong knowledge of and experience with related risk and compliance frameworks (PCI, GDPR, CCPA, SOC, ISO27001, NIST CSF, etc.).
• Experience with Internal and External Vulnerability management tools, tactics, and procedures.
• Experience developing information security and compliance related policies, procedures, and controls.
• Exceptional written and verbal communication.
• Experience working within a Software as a Service (SaaS) company is a plus.

Industry specific certifications such as: CISA, CRISC, CISSP, GRCP, CGEIT, PMI-RMP, etc. a plus.

The Company offers a comprehensive employee benefits program, including:

• Medical, dental, and vision insurance options 
• 100% Employer paid short/long term disability
• Basic Life 
• 401(k) option with 100% company match 
• Flexible paid personal/vacation time built on mutual trust and accountability
• 10 sick days annually 
• 9 company paid holidays
• 6 weeks paid parental leave

Inclusion and Diversity: Togetherwork is an Equal Employment Opportunity Employer. We are a company where diverse backgrounds, experiences and viewpoints are valued. Togetherwork does not make hiring or employment decisions on the basis of race, color, religion, gender, gender identity, sex, sexual orientation, disability, veteran status, age, ethnic or national origin, or any other basis protected by all local, state or federal laws. 

Salary Range Disclosure

The base range represents the low and high end of the Togetherwork salary range for this position. Actual salaries will vary and may be above or below the range based on factors including, but not limited to location, experience, and performance. The range listed is just one component of Togetherwork's total compensation package for employees. Other rewards may include discretionary bonuses, long term incentives, a flexible paid vacation/personal time policy, 6 weeks paid parental leave and more.

Salary Range

US Remote: $ 70,000- $82,200 USD per year