Information Security Associate

Middesk

Location:
United States , New York

Contract Type:
Not provided

Salary:

90000.00 - 120000.00 USD / Year

Job Description:

We’re looking for a Governance, Risk & Compliance professional to own and scale Middesk’s security, privacy, and compliance programs. This person will act as the connective tissue between engineering, legal, security, operations, and go-to-market teams—ensuring we meet customer, regulatory, and internal expectations without slowing the business down. This is not a purely technical role, but it requires technical fluency and the ability to act as a liaison (and sometimes interpreter) between the technical and non-technical teams.

Job Responsibility:

  • Own Middesk’s trust and compliance platform (currently Vanta), including continuous monitoring, evidence collection, and control maintenance
  • Manage and maintain compliance with frameworks and assessments such as SOC 2, ISO 27001, and external penetration tests
  • Coordinate with internal teams and external auditors to support audits and assessments end-to-end
  • Maintain a current and accurate inventory of subprocessors and vendors, with particular focus on access to customer data and PII
  • Partner with Legal, Ops, and Engineering to assess vendor risk and ensure appropriate controls and contractual safeguards are in place
  • Own and respond to due diligence questionnaires (DDQs), security reviews, and trust-related inquiries from customers and partners
  • Develop reusable artifacts and processes to streamline security and compliance reviews as Middesk scales
  • Chair Middesk’s internal oversight or security committee, including agenda setting, documentation, and follow-ups
  • Own the lifecycle of security and compliance policies: drafting, review, approval, rollout, and periodic refresh
  • Ensure policies are aligned with actual practices and system behavior—not just “paper compliance”
  • Develop and maintain a strong understanding of Middesk’s data flows, systems, and architecture at a conceptual level
  • Act as a translator between technical teams (Engineering, Security, Data) and non-technical teams (Legal, Sales, Customer Success, Operations)
  • Identify gaps between how the business operates and how it is represented in compliance artifacts, and drive remediation
  • Be the internal point of contact for our external IT vendor (or be the person that makes the case that this needs to be brought in-house)

Requirements:

  • Experience owning or materially contributing to SOC 2 and/or ISO 27001 programs at a SaaS or data-driven company
  • Hands-on experience with compliance automation tools such as Vanta, Drata, Delve, or similar
  • Strong understanding of data protection concepts, vendor risk, and security controls, even if not an engineer by background
  • Ability to manage multiple stakeholders, deadlines, and ambiguous requirements with good judgment
  • Clear written and verbal communication skills, particularly with auditors, customers, and internal leadership
  • Familiarity with privacy frameworks (e.g., GDPR, CCPA) as they intersect with security and vendor management
What we offer:

Offers Equity

Additional Information:

Job Posted:
March 10, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work

Similar Jobs for Information Security Associate

Risk & Information Security Associate Analyst

We are looking for a highly organized, detail-oriented Risk & Information Securi...
Location
Cyprus , Nicosia
Salary:
Not provided
Albourne
Expiration Date
Until further notice
Requirements
  • 2–3 years of professional experience
  • Excellent organizational skills with the ability to manage multiple workstreams and meet deadlines in a dynamic environment
  • Strong written and verbal communication skills, including the ability to prepare concise, well-structured documents and interact professionally across all levels of the business
  • Meticulous attention to detail, particularly in preparing audit materials, compliance documentation, and reviewing access controls
  • Proactive and self-motivated, able to work independently and across time zones without direct daily supervision
  • Comfortable handling sensitive and confidential information with discretion
  • Interest in technology, cybersecurity, and enterprise risk
  • Basic understanding of information security principles and frameworks (e.g., ISO 27001, NIST)
  • Ability to interpret and work with structured information (e.g., policies, risk registers, audit plans)
  • Capable of coordinating inputs from multiple stakeholders and compiling them into coherent outputs (e.g., committee papers, training summaries, client DDQs)
Job Responsibility
  • Monitor and report on the effectiveness of information security controls
  • Support the identification, tracking, and resolution of security incidents or weaknesses
  • Assist in maintaining security metrics and dashboards for internal reporting
  • Contribute to the assessment of operational, technology, and third-party risks
  • Assist in evaluating controls and proposing mitigation strategies aligned with risk appetite
  • Participate in internal audits and control testing, ensuring timely remediation of findings
  • Help maintain and enforce security and risk management policies and procedures
  • Support compliance with relevant data protection, privacy, and information security regulations
  • Coordinate periodic user access reviews and assist with awareness initiatives
  • Work across departments to gather risk-related information and support secure business operations
What we offer
  • Support for professional qualifications (such as CFA and CAIA)
  • Career growth and tools for ongoing learning and development
  • Medical insurance for you and your dependents
  • Provident fund
  • Yearly bonus dependent upon performance and company growth
  • Opportunity for international travel (i.e., short periods of secondment to other Albourne offices)
  • 5 additional service recognition holidays in surplus to standard annual leave
  • Albourne Training Days (minimum of 40 hours per year)
  • Free office parking
  • A supportive, diverse, and multi-cultural work environment
  • Fulltime

Information Security Engineer

Responsible for maintaining the integrity and security of enterprise-wide cyber ...
Location
United States , Reston
Salary:
Not provided
LT Consulting
Expiration Date
Until further notice
Requirements
  • Active TS/SCI clearance
  • Bachelor’s degree in Computer Science, Engineering or a related field
Job Responsibility
  • Maintaining the integrity and security of enterprise-wide cyber systems and networks
  • Supporting cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff
  • Coordinating resources during enterprise incident response efforts, driving incidents to timely and complete resolution
  • Employing advanced forensic tools and techniques for attack reconstruction, including dead system analysis and volatile data collection and analysis
  • Supporting internal HR/Legal/Ethics investigations as forensic subject matter expert
  • Performing network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks
  • Reviewing threat data from various sources and developing custom signatures for Open Source IDS or other custom detection capabilities
  • Correlating actionable security events from various sources including Security Information Management System (SIMS) data and developing unique correlation techniques
  • Utilizing understanding of attack signatures, tactics, techniques and procedures associated with advanced threats
  • Developing analytical products fusing enterprise and all-source intelligence

Information Security Risk Lead

The Information Security Risk Lead is responsible for driving efforts to support...
Location
Thailand , Bangkok
Salary:
Not provided
Citi
Expiration Date
Until further notice
Requirements
  • Master’s/Bachelor’s/University degree or equivalent experience in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline is preferred
  • One or more industry-recognized cybersecurity-related certifications such as CISSP, CISA, CISM, CRISC, ISO 27001
  • 6 - 10 years or above of relevant experience in Cyber Security Management / Cyber Security Operations / Technology Risk Management / Third-party Risk Management or IT Audit, preferably with experience gained from banking / finance services industry / consultancy / control compliance or legal disciplines
  • Experience in assessing cyber regulatory compliance from BOT, SEC etc.
  • Strong understanding of international standards/frameworks such as: NIST, ISO 27001 series, COBIT, CIS, GDPR, DORA, etc.
  • Proficient in interpreting and applying policies, standards and procedures
  • Excellent project management and organizational skills (PMP, PRINCE2, etc. is a plus)
  • Strong consultation, report writing and communication skills, with high proficiency in both spoken and written English and Thai
  • Thai language fluency is a must.
Job Responsibility
  • Manage and validate deliverables of all Information Security (IS) programs, ensuring closure per agreed timelines and goals
  • Engagement with local regulators BOT, SEC, TB-CERT, Thai-CERT, MDES, NCSA, etc. on IS related matters
  • Manage regulatory exams and internal & external audits
  • Work closely with Global & Regional Information Security teams to improve processes and reduce risk, and support the IS regulatory related activities for Thailand
  • Manage internal/external resources to organize cyber-attack simulations exercise, coordinating and overseeing vulnerability, mitigation/remediation/correction action plans, and issues management process
  • Accountable for delivery of the associated remediation from regulatory assessments
  • Proficiency in preparing periodic updates / reports / presentation deck for both internal stakeholders and regulators
  • Provide timely and appropriate updates to regional and global stakeholders
  • Escalate issues in a timely manner to senior management
  • Build and develop partnerships with business, IT, risk, compliance, IS, senior management staff and stakeholders
  • Fulltime

Research Associate: Physical Layer Security

The Wireless Connectivity group is developing a secure and dependable architectu...
Location
Germany , Dresden
Salary:
Not provided
Barkhausen Institut gGmbH
Expiration Date
Until further notice
Requirements
  • Above-average MSc/Diploma or PhD degree in areas related to our research focus (Electrical/Computer Engineering) from renowned universities
  • Good communication and writing skills in English
  • An integrative and cooperative personality with excellent communication and social skills
  • Good programming skills, preferably in Python
  • Knowledge of wireless communications and information theory
  • Knowledge of security protocols and architecture
Job Responsibility
  • Design and development of physical-layer security techniques and protocols
  • Computer simulation and investigation of proposed techniques
  • Supporting the development of hardware demonstrators
  • Participation in writing research publications and project deliverables
What we offer
  • An open and creative team
  • Agile working hours and workflows
  • Cross-disciplinary projects
  • Work on future technologies
  • Flat hierarchies for your ideas and flexible teams
  • Family-friendly measures such as part-time work, mobile working and flexible working hours

Information Security Manager

The Information Security Manager for the KSA Business Unit will be responsible f...
Location
Saudi Arabia , Khobar
Salary:
Not provided
Allianz
Expiration Date
Until further notice
Requirements
  • Bachelor's degree in Information Security, Computer Science, or a related field
  • Professional certifications such as CISSP, CISM, CISA, or equivalent are highly preferred
  • Minimum of 7 years of experience in information security, with at least 3 years in a managerial role
  • Strong knowledge of KSA cybersecurity regulations, including NCA and SAMA frameworks
  • Experience in implementing and managing security controls, risk assessments, and incident response
  • Familiarity with international security standards (ISO 27001, NIST, etc.)
  • Excellent leadership, communication, and stakeholder management skills
  • Ability to work effectively in a regional and multicultural environment
Job Responsibility
  • Work closely with the Compliance function to ensure compliance with KSA cybersecurity regulations
  • Ensure adherence to and enforcement of Nextcare’s security policies and guidelines across the KSA business unit
  • Identify, assess, and mitigate security risks, ensuring appropriate controls are in place to protect sensitive information and IT infrastructure
  • Lead security incident response efforts, including investigation, containment, and reporting to relevant authorities
  • Promote cybersecurity awareness across the business unit and conduct training programs for employees
  • Assess and monitor security risks associated with vendors, partners, and third-party service providers
  • Act as the key liaison between the KSA business unit and the regional security team, providing reports on security posture, incidents, and compliance status
  • Oversee security operations, ensuring continuous monitoring, threat detection, and vulnerability management
  • Implement and manage security controls, including Antivirus & Endpoint Detection and Response (EDR), Data Loss Prevention (DLP), Proxy Solutions, Email Security, and other controls
  • Stay updated on the latest cybersecurity threats, trends, and industry best practices to strengthen the organization's security posture
  • Fulltime

Senior Information Security Specialist

As a Senior Information Security Specialist, you will play a critical role in sa...
Location
United States , Clarksburg
Salary:
Not provided
Innovative Management & Technology Services
Expiration Date
Until further notice
Requirements
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent professional experience)
  • Minimum 7 years of experience in information security, IT risk management, or cybersecurity compliance, preferably in a federal or state agency environment
  • Demonstrated experience applying and interpreting NIST 800-53, OWASP, and DISA STIGs in real-world projects
  • Strong hands-on technical background in networking, system administration, or software development
  • Proficiency with SIEM tools—especially Splunk—for event correlation, alerting, and compliance reporting
  • Familiarity with Agile development environments and DevSecOps principles
  • Strong written and verbal communication skills, with the ability to create reports and briefings for technical and non-technical stakeholders
  • Active Top Secret clearance is required
  • U.S. Citizenship is required
Job Responsibility
  • Lead comprehensive reviews of management, operational, personnel, and technical controls throughout the system development lifecycle (SDLC)
  • Identify and assess emerging security risks, weaknesses, and vulnerabilities associated with infrastructure, applications, and operations
  • Collaborate with developers and engineers to ensure identified risks are mitigated and documented effectively
  • Ensure compliance with federal and industry security standards including NIST SP 800-53, OWASP Top 10, Common Criteria, DISA STIGs, and SANS Institute recommendations
  • Support and contribute to Authorization to Operate (ATO) packages, including preparation of SSPs, POA&Ms, and continuous monitoring (ConMon) artifacts
  • Advise on policy alignment and security architecture improvements to support secure Agile delivery
  • Apply technical knowledge of networking, system administration, and development to assess the security posture of enterprise environments
  • Utilize Splunk to perform audit log analysis, generate system alerts, and support threat hunting and incident response activities
  • Recommend and implement automated logging, monitoring, and security reporting processes
  • Engage proactively with Agile development teams, product owners, and ISSOs to embed security into project planning and delivery
What we offer
  • competitive compensation
  • excellent benefits including tuition reimbursement and employer-contributed 401K
  • referral bonuses
  • Fulltime

Information Security Analyst

This is an opportunity to work with Citi’s Global Secrets Management Platforms t...
Location
India , Pune; Mumbai
Salary:
Not provided
Citi
Expiration Date
Until further notice
Requirements
  • 6-10 Years’ experience
  • Bachelor’s in Engineering Degree (Computer Science or Equivalent)
  • trainings/certifications in Cybersecurity will be considered a plus
  • CyberArk, HashiCorp Vault experience will be a big plus
  • Basic experience working with one or more of these scripting languages – Python, Unix Shell, Perl, Go & PowerShell scripting
  • Experience with one or more server operating system like Linux, Windows
  • Experience/basic understanding of CHEF, Ansible, Terraform, CI/CD
  • Experience with one or more cloud providers such as AWS, GCP, AZURE
  • Understanding of containers and associated technologies like Kubernetes/OpenShift
  • Excellent written and verbal communication skills
Job Responsibility
  • Provide BAU support for secrets management applications like CyberArk, HashiCorp Vault
  • Collaborate with various internal and external stakeholders/support teams as required to support the application and business needs
  • Work with client applications to provide integration/onboarding guidance
  • Identify security vulnerabilities in the system and implement necessary solutions to remediate the vulnerabilities
  • Strong Automation experience - Identify manual processes that can be smartly automated
  • Ensure security best practice is followed and provide solutions to improve existing infrastructure processes in the company
  • Be involved in the design and subsequent implementation of software and service infrastructure
  • Provide on-call support in rotation as required
  • Gather requirements and provide walkthroughs to businesses on usage of various SDKs and API services available for integration with Secrets/Identity and Access Management applications.
What we offer
  • Equal opportunity employer
  • Reasonable accommodation for persons with disabilities
  • Inclusive and diverse workforce
  • Career development opportunities at all stages
  • Merit-based promotions
  • Opportunities for personal development
  • Respect for all employees.
  • Fulltime

Information Systems Security Manager

Rackner is seeking an Information Systems Security Manager (ISSM) to support the ...
Location
United States , Dayton
Salary:
Not provided
Rackner
Expiration Date
Until further notice
Requirements
  • Bachelor of Arts (BA)/Bachelor of Science (BS) and 10 years of experience, three (3) of which must be in the DoD OR 15 years of directly related experience with proper certifications, five (5) of which must be in the DoD
  • Must have at least one of the following certifications (DoD 8570 IAM II or IAM III certified): CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP
  • Highly preferred to be Google Cloud Security Engineer, Google Workspace Engineer, and/or Google Cloud Architect certified
  • Knowledge of Information Systems Security and risk management processes and requirements per the Risk Management Framework (RMF), to include building, managing, and submitting RMF packages in support of IT platforms, cloud/web-based applications, traditional applications, or embedded IT systems
Job Responsibility
  • Assist with S&T Protection Plan efforts to include: Identifying and validating security requirements
  • Providing guidance to ensure the protection of technologies and information of various classification levels
  • Develop or evaluate program, project, or technology area security risk assessments and analyses, and provide mitigation plans
  • Provide security oversight for all aspects of technology control and S&T protection planning
  • Development of certification and accreditation documents
  • Provide support as a technical security advisor to internal and external entities on matters affecting overall protection architecture
What we offer
  • Rackner embraces and promotes employee development and training and covers the cost of certifications relevant to a position and the technologies/services provided
  • Fitness/Gym membership eligibility
  • weekly pay schedule and employee swag, snacks & events are offered
  • 401K with 100% matching up to 6%
  • Highly competitive PTO
  • Great health insurance with large network of providers
  • Medical/Dental/Vision
  • Life Insurance, and short & long term disability
  • Industry-Leading Weekly Pay Schedule
  • Home office & equipment plan