
Information Security Associate

Location: United States, New York
Salary: 90000.00 - 120000.00 USD / Year
Job Posted: March 10, 2026

Job Description

We’re looking for a Governance, Risk & Compliance professional to own and scale Middesk’s security, privacy, and compliance programs. This person will act as the connective tissue between engineering, legal, security, operations, and go-to-market teams—ensuring we meet customer, regulatory, and internal expectations without slowing the business down. This is not a purely technical role, but it requires technical fluency and the ability to act as a liaison (and sometimes interpreter) between the technical and non-technical teams.

Job Responsibility

  • Own Middesk’s trust and compliance platform (currently Vanta), including continuous monitoring, evidence collection, and control maintenance
  • Manage and maintain compliance with frameworks and assessments such as SOC 2, ISO 27001, and external penetration tests
  • Coordinate with internal teams and external auditors to support audits and assessments end-to-end
  • Maintain a current and accurate inventory of subprocessors and vendors, with particular focus on access to customer data and PII
  • Partner with Legal, Ops, and Engineering to assess vendor risk and ensure appropriate controls and contractual safeguards are in place
  • Own and respond to due diligence questionnaires (DDQs), security reviews, and trust-related inquiries from customers and partners
  • Develop reusable artifacts and processes to streamline security and compliance reviews as Middesk scales
  • Chair Middesk’s internal oversight or security committee, including agenda setting, documentation, and follow-ups
  • Own the lifecycle of security and compliance policies: drafting, review, approval, rollout, and periodic refresh
  • Ensure policies are aligned with actual practices and system behavior—not just “paper compliance”
  • Develop and maintain a strong understanding of Middesk’s data flows, systems, and architecture at a conceptual level
  • Act as a translator between technical teams (Engineering, Security, Data) and non-technical teams (Legal, Sales, Customer Success, Operations)
  • Identify gaps between how the business operates and how it is represented in compliance artifacts, and drive remediation
  • Be the internal point of contact for our external IT vendor (or be the person that makes the case that this needs to be brought in-house)

Requirements

  • Experience owning or materially contributing to SOC 2 and/or ISO 27001 programs at a SaaS or data-driven company
  • Hands-on experience with compliance automation tools such as Vanta, Drata, Delve, or similar
  • Strong understanding of data protection concepts, vendor risk, and security controls, even if not an engineer by background
  • Ability to manage multiple stakeholders, deadlines, and ambiguous requirements with good judgment
  • Clear written and verbal communication skills, particularly with auditors, customers, and internal leadership
  • Familiarity with privacy frameworks (e.g., GDPR, CCPA) as they intersect with security and vendor management

What we offer

Offers Equity

Similar Jobs for Information Security Associate

8 matching positions

Senior Associate Information Security Analyst

As a Security Managed Services Engineer (L2) at NTT DATA, your role will be to e...
Location: India, Mumbai
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Requirements
  • Experience with managed services handling security infrastructure and working knowledge of ticketing tools, preferably ServiceNow
  • Proficiency in active listening, with techniques like paraphrasing and probing for further information
  • Excellent planning skills, able to anticipate and adjust to changing circumstances
  • Strong ability to communicate and engage across different cultures and social groups
  • Adaptability to changing conditions and flexibility in approach
  • Client-focused mindset, always putting their needs and positive experience first
  • A positive outlook and the ability to work well under pressure
  • Willingness to put in longer hours when necessary
  • Bachelor's degree or equivalent qualification in IT/Computing, or relevant work experience
Job Responsibility
  • Monitor, identify, investigate, and resolve technical incidents and problems
  • Handle client requests or tickets with technical expertise
  • Manage work queues, perform operational tasks, and update tickets with resolution actions
  • Log incidents promptly and provide second-level support
  • Execute changes responsibly, flagging risks and mitigation plans
  • Work closely with automation teams to optimize efforts and automate routine tasks
  • Audit incident and request tickets for quality
  • Contribute to trend analysis reports to identify automation opportunities
  • Assist L1 Security Engineers with triage and troubleshooting
  • Support project work when required
  • Fulltime

Associate Information Security Analyst

Join a dynamic team as a Support Engineer I, where you will apply problem-solvin...
Location: India, Mumbai
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Requirements
  • Degree in Computer Science or Information Technology
Job Responsibility
  • Apply problem-solving techniques and engage in basic information exchange with colleagues
  • Work is reviewed periodically based on a set of defined procedures or precedence
  • Normally receives general instruction on work and new assignments
  • Learns to use professional concepts
  • Applies knowledge and basic problem-solving techniques to define and resolve problems
  • Works on problems of limited scope
  • Exchanges standard/basic information with colleagues and immediate line manager/team leader
  • Develops stable working relationships internally
  • Determines a course of action based on guidelines and standard practices and procedures
What we offer
  • Opportunity to grow in a diverse and inclusive environment
  • Workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive
  • Fulltime

Risk & Information Security Associate Analyst

We are looking for a highly organized, detail-oriented Risk & Information Securi...
Location: Cyprus, Nicosia
Salary: Not provided
Company: Albourne
Expiration Date: Until further notice
Requirements
  • 2–3 years of professional experience
  • Excellent organizational skills with the ability to manage multiple workstreams and meet deadlines in a dynamic environment
  • Strong written and verbal communication skills, including the ability to prepare concise, well-structured documents and interact professionally across all levels of the business
  • Meticulous attention to detail, particularly in preparing audit materials, compliance documentation, and reviewing access controls
  • Proactive and self-motivated, able to work independently and across time zones without direct daily supervision
  • Comfortable handling sensitive and confidential information with discretion
  • Interest in technology, cybersecurity, and enterprise risk
  • Basic understanding of information security principles and frameworks (e.g., ISO 27001, NIST)
  • Ability to interpret and work with structured information (e.g., policies, risk registers, audit plans)
  • Capable of coordinating inputs from multiple stakeholders and compiling them into coherent outputs (e.g., committee papers, training summaries, client DDQs)
Job Responsibility
  • Monitor and report on the effectiveness of information security controls
  • Support the identification, tracking, and resolution of security incidents or weaknesses
  • Assist in maintaining security metrics and dashboards for internal reporting
  • Contribute to the assessment of operational, technology, and third-party risks
  • Assist in evaluating controls and proposing mitigation strategies aligned with risk appetite
  • Participate in internal audits and control testing, ensuring timely remediation of findings
  • Help maintain and enforce security and risk management policies and procedures
  • Support compliance with relevant data protection, privacy, and information security regulations
  • Coordinate periodic user access reviews and assist with awareness initiatives
  • Work across departments to gather risk-related information and support secure business operations
What we offer
  • Support for professional qualifications (such as CFA and CAIA)
  • Career growth and tools for ongoing learning and development
  • Medical insurance for you and your dependents
  • Provident fund
  • Yearly bonus dependent upon performance and company growth
  • Opportunity for international travel (i.e., short periods of secondment to other Albourne offices)
  • 5 additional service recognition holidays in surplus to standard annual leave
  • Albourne Training Days (minimum of 40 hours per year)
  • Free office parking
  • A supportive, diverse, and multi-cultural work environment
  • Fulltime

Cybersecurity – Associate Information System Security Officer (ISSO)

At Boeing, we innovate and collaborate to make the world a better place. We’re c...
Location: United States, Berkeley
Salary: 86700.00 - 117300.00 USD / Year
Company: Boeing
Expiration Date: June 15, 2026
Requirements
  • Successfully completed Tier 5 Investigation (T5), formerly known as a Single Scope Background Investigation (SSBI) by the federal government within the last 5 years, or requires candidate to have been enrolled in a Continuous Vetting program within the last 5 years
  • IAM Level 1 DoD 8140.03 (previously 8570.01) compliant certification (i.e., Security+ CE, CAP, CISSP, CASP, CISM, GSLC)
  • 1+ years of combined experience and/or education in cybersecurity, IT, or a related field
  • Willing and able to travel domestically 10% of the time
Job Responsibility
  • Performs security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
  • Assists with implementation of the Assessment and Authorization (A&A) processes under the Risk Management Framework (RMF) for new and existing information systems
  • Assists with development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acknowledgement Letters (RAL) and supports Continuous Monitoring (CONMON)
  • Assists with configuration management of assigned systems
  • auditing systems to ensure security posture integrity
  • Works with staff to complete assessments and test/analysis data to document state of compliance with security requirements
  • Conducts risk assessments and investigations, executes appropriate risk mitigations, and oversees incident response activities
  • Conducts periodic hardware/software inventory assessments
  • Interfaces with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements
  • Monitors the development and deployment of program information security for all program systems to meet the program and enterprise requirements, policies, standards, guidelines and procedures
What we offer
  • Generous company match to your 401(k)
  • Industry-leading tuition assistance program pays your institution directly
  • Fertility, adoption, and surrogacy benefits
  • Up to $10,000 gift match when you support your favorite nonprofit organizations
  • Fulltime

Associate Managed Services Information Security Analyst

The Associate Managed Services Information Security Analyst is an entry-level ro...
Location: India, Hyderabad
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Requirements
  • Bachelor's degree or relevant qualification in Information Technology or Computing or a related field
  • Security certifications such as (but not limited to) AZ-500, SC-200, Security+, CEH, CISSP, CISM or similar
  • Certification in different networking technologies such as CCNA, JNCIA, ACCA, PCNSA, CCSA is advantageous
  • Entry level experience in SOC Analysis Operations
  • Entry level experience in SIEM usage for investigations
  • Entry level experience in Security technologies such as (but not limited to) Firewall, IPS, IDS, Proxy
  • Entry level experience in dealing with technical support to clients
  • Entry level experience in handling security incidents end to end
  • Entry level experience in configuring/managing security controls, such as SIEM, Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, Honeypots and other security tools
  • Entry level experience in Security Analysis or Engineering preferably gained within a global services organization
Job Responsibility
  • Works as part of a global Cyber Defense Centre (CDC) team that works 24/7 on rotational shifts
  • Works with client stakeholders and relevant internal teams to tune the MSSP platform and client SIEM to enable more efficient detection, analysis and reporting
  • Under guidance, generates continuous improvement ideas for supported security tools/technologies, to enable improvements to the company services, employee experience and client experience
  • Adheres to SOPs, customer Run Books and standard processes to ensure a globally consistent delivery whilst also proposing changes and improvements to these standards
  • Utilizes and documents best practices and amends existing documentation as required
  • Supports security incident handling and response from several vectors including End Point Protection and Enterprise Detection and response tools, attack analysis, malware analysis, network forensics, computer forensics
  • Learns and utilizes a broad range of skills in LAN technologies, Windows and Linux O/S’s, and general security infrastructure
  • Ensures usage of knowledge articles in incident diagnosis and resolution
  • Under guidance, performs defined tasks to inform and monitor service delivery against service level agreements and maintains records of relevant information
  • Cooperates closely with colleagues to share knowledge and build a cohesive and effective team environment, benefiting the individual, the business and the client
  • Fulltime

Cyber Security, Information Systems Security Officer

Jumpstart your career as a Cybersecurity professional with BAE Systems, supporti...
Location: United States, Nashua
Salary: 77809.00 - 132275.00 USD / Year
Company: BAE Systems
Expiration Date: Until further notice
Requirements
  • SECRET Clearance is required for this position
  • Minimum of High School Diploma with 3 or more years of experience or Degree and 2 years of experience required
  • IAM Level I certification commensurate with DoD 8570.1M requirements (or ability to obtain certification within 6 months)
  • High level of personal motivation and initiative to learn and acquire new skills, and adapt seamlessly to an ever-changing security environment
  • Customer focused, excellent communicator and ability to work with limited supervision.
  • Strong organizational skills
  • Able to interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), and program personnel
  • Basic understanding of simple networks, operating systems and computer functions.
  • Coursework in a technical discipline (i.e. programming/scripting, systems administration, cybersecurity/information assurance, etc.)
Job Responsibility
  • Responsible for supporting adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs and associated NIST publications.
  • Partner with the Information System Security Manager (ISSM) to maintain Authority to Operate (ATO) approvals for various systems by adhering to the Risk Management Framework (RMF).
  • Support cybersecurity efforts throughout the RMF process for one or more assigned program(s) to include the enforcement of System Security Plans, Plans of Action and Milestones (POA&Ms), assessing and auditing systems security controls.
What we offer
  • health, dental, and vision insurance
  • health savings accounts
  • a 401(k) savings plan
  • disability coverage
  • life and accident insurance
  • employee assistance program
  • legal plan
  • discounts on things like home, auto, and pet insurance
  • paid time off
  • paid holidays
  • Fulltime

Senior Associate Security Consultant OT Security

The Senior Associate Security Consultant is responsible for developing expertise...
Location: India, Mumbai
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Requirements
  • Bachelor's degree or equivalent in Information Technology or Computer Science or Engineering or related field
  • Industry relevant certifications such as CISSP, CISM, CEH, GSEC or CompTIA Security+ essential
  • Moderate level of demonstrable experience in the Information Technology Security Industry or relevant experience in similar role within a related environment
  • Moderate level of experience with security architecture design principles
  • Moderate level of experience with industry compliance and standards such as ISO 27000, PCI:DSS, NIST, HIPAA or others
  • Moderate level of experience with security tools and techniques to cover SANS Top 25, OWASP or others
  • Strong interest in cybersecurity and a desire to learn and grow in the field
  • Knowledge of basic cybersecurity concepts, principles, and best practices
  • Familiarity with common security tools and technologies is a plus
  • Excellent analytical and problem-solving skills
Job Responsibility
  • Assists in conducting security assessments, vulnerability scans, and penetration tests to identify weaknesses in client systems
  • Analyzes security data, logs, and reports to detect and investigate security incidents or anomalies
  • Prepares and maintains documentation, including security assessment reports, findings, and recommendations
  • Collaborates with senior consultants to provide advice and support to clients on security best practices and risk mitigation strategies
  • Learns and uses various security tools and technologies for assessments and monitoring
  • Stays updated on the latest cybersecurity threats, vulnerabilities, and industry best practices
  • Assists in evaluating client systems for compliance with industry standards (e.g., ISO 27001, NIST) and regulatory requirements
  • Communicates effectively with clients to understand their security needs and concerns
  • Participates in training programs and certifications to develop expertise in cybersecurity
  • Fulltime

Information Security & Compliance Engineer (ISO 27001)

We need a dynamic, technically literate security professional with a strong IT b...
Location: Singapore, Singapore
Salary: 7000.00 - 9000.00 SGD / Month
Company: Randstad
Expiration Date: July 12, 2026
Requirements
  • Minimum 5 years of experience in information security, successfully balancing technical IT operations with governance
  • Direct experience serving as an ISO27001 ISMS management representative and coordinating assurance audits like SOC1/SOC2
  • Ability to confidently interpret cloud security logs, SIEM alerts, EDR findings, and vulnerability scans
  • You should understand cloud architectures (AWS/Alibaba Cloud preferred) and core security domains (IAM, encryption, network security)
  • ISO27001, ISMS management representative, cloud security logs, SIEM alerts, EDR findings, vulnerability scans, AWS, Alibaba Cloud, SOC1/SOC2, SIEM, DLP, EDR, ISO/IEC 27001, CISSP, CISA, IT Security, security compliance, CISM, CCSP, ISO 27001 Lead Imp
  • Associate Degree/Diploma
Job Responsibility
  • Lead the international ISMS framework as the primary representative, keeping all risk registers and policies sharp to guarantee seamless passes for ISO 27001, SOC 1/2, and OSPAR
  • Spot technical vulnerabilities stemming from audits or business scaling, then spearhead proof-of-concepts for advanced tools (like SIEM, PAM, and EDR) to validate them before infrastructure deployment
  • Steer the monitoring ecosystem by decoding complex alerts, threat intelligence, and vulnerability data from SIEM, EDR, and DLP tools into tactical defense strategies
  • Command emergency response efforts from simulated exercises to full post-incident reviews, while scheduling routine penetration tests and vulnerability assessments
  • Team up with DevOps, R&D, and Infrastructure squads to weave secure-by-design principles right into the DNA of the product platforms
  • Act as the technical authority on security, handling high-stakes client questionnaires and reviewing contract clauses to help close business deals