Blackbaud logo
Blackbaud

Blackbaud is a large, private company founded in 1981 to provide technology solutions to nonprofit organizations. The company helps its clients with fundraising

Principal Security Analyst - Governance, Risk, and Compliance

Location

United States

Posted

3 days ago

Salary

$101.9K - $132.8K / year

Seniority

Lead

Job Description

Principal Security Analyst - Governance, Risk, and Compliance

Blackbaud

Role Description The Cyber Security Governance, Risk, and Compliance (GRC) team is looking for a Principal Security Analyst to be a key member of a critical security program responsible for security risk and compliance activities across the entire enterprise. The role will require working with various company stakeholders to build and mature the processes of preparing for how Blackbaud identifies, documents, and assesses risk across the organization and determine the strength of our control framework and implementation. - Champion the security risk quantification program and process to enable informed decision making across the organization. - Articulate security risk through the development of Key Risk Indicators (KRIs) and report to multiple stakeholder groups, including the Executive Leadership Team (ELT) and Board of Directors. - Develop, assess, and implement cybersecurity controls and procedures required to protect the confidentiality, integrity, and availability of Blackbaud data. - Lead and coordinate internal and external security, compliance, and regulatory assessments, including customer audits, independent attestations, certification audits, and third party reviews. - Serve as the primary liaison with assessors and stakeholders to ensure successful completion of assessment activities and remediation efforts. - Act as a key stakeholder in corporate governance forums and committees by serving as an active advocate for cybersecurity practices, risk management, and policy compliance. - Partner with control owners to continuously monitor control implementations, assess effectiveness, and track noncompliance issues through resolution. - Enhance change management processes to socialize, communicate, and educate stakeholders on policy, standard, and procedure updates. - Identify opportunities to strengthen and mature the organization's governance, risk, and compliance programs through continuous improvement initiatives and industry best practices. Qualifications - 8+ year’s experience in Information Technology and/or Security - 3+ year's experience in leading audit/ assessment projects - 3+ year’s experience in risk management frameworks (i.e., NIST CSF) - 2+ year’s experience in quantitative risk management frameworks (FAIR, OCTAVE, etc.) - Experience in corporate GRC solutions (Archer, ServiceNow, etc.) - Experience in financial services, or other highly regulated industries (i.e. SOX, SOC, PCI DSS) - Experience working in an agile team - Demonstrated understanding of cyber risks and implementing mitigation plans - Possesses effective communication and presentation skills - Ability to handle multiple priorities and high stress situation - Industry Certifications like: CISSP, CRISC, CISM/CISA, AWS certification(s), Azure certification(s) Benefits - Medical, dental, and vision insurance - Remote-flexible workforce - Wellness Programs - 401(k) program with employer match - Flexible paid time off - Generous Parental Leave - Donations for Doers - Pet insurance, legal and identity protection - Tuition reimbursement program

Related Job Pages

More Security Analyst Jobs

MKS2 Technologies logo

Senior ISSO Security Analyst

MKS2 Technologies

Austin-based SDVOSB delivering application development, cybersecurity, instructional design and training to DOD and VA.

Full TimeRemoteTeam 201-500Since 2008H1B No Sponsor

• Use your experience to work with Veterans Affairs (VA) Information System Owners (ISO), Information System Security Officers (ISSO), site managers, and other system stakeholders to coordinate and drive the completion of Risk Management Framework (RMF) steps 0-6 ATO activities and requirements • Identify and mitigate risks, escalate project risks to leadership, understand and apply VA authorization policies and processes, and provide information system security expertise • Ensure the appropriate operational security posture is maintained for information systems throughout the system’s lifecycle from product acquisition and installation through decommission • Complete and maintain very detailed security documentation and coordinate to execute ATO support duties that documents security details related to system installations, a variety of IT systems, networks, hardware, and software in a variety of complex and simple installation sites • Work with your client to translate security concepts into actionable implementable solution recommendations to help the client make informed security decisions from all aspects of IT deployments ensuring full commissioning is completed through deployment into production and decommissioning • Act as an information security and RMF subject matter expert while broadening your skills in cybersecurity.

United States
$100K - $115K / year
CoE | Centro de Excelência Votorantim logo

Analista de Segurança da Informação Sr – Resposta a Incidente

CoE | Centro de Excelência Votorantim

Desafiamos o modo como as coisas são feitas. Sabemos que é possível fazer diferente. Escolhemos fazer juntos.

Full TimeRemoteTeam 501-1,000Since 2004H1B Sponsor

• Gestão de Incidentes: Liderar a resposta técnica a incidentes de segurança complexos (Ransomware, APTs, Insider Threats), desde a detecção até a lição aprendida (Post-Mortem). • Threat Hunting: Realizar caça proativa de ameaças na rede e nos endpoints, partindo de hipóteses baseadas em Threat Intelligence. • Forense Digital: Coletar e analisar artefatos digitais (memória, disco, logs) para reconstruir a linha do tempo do ataque. • Engenharia de Detecção: Criar e otimizar regras de correlação no SIEM e assinaturas de detecção (YARA, Snort/Suricata). • Automação (SOAR): Desenvolver playbooks e scripts (Python/PowerShell) para automatizar a resposta a alertas repetitivos. • Mentoria: Apoiar o desenvolvimento técnico de analistas júnior e pleno (N1/N2).

Brazil
Box logo

Security Analyst

Box

Box(NYSE: BOX)はインテリジェントコンテンツ管理(ICM)プラットフォームのリーディングカンパニーです。Boxのプラットフォームは、企業のコラボレーション促進や、コンテンツのライフサイクル全体の管理、重要なコンテンツの保護、そしてエンタープライズAIによるビジネスワークフローの変革を実現することを目指しています。

Full TimeRemoteTeam 1,001-5,000

Role Description Box's Security Incident Response Team (SIRT) is responsible for managing Box's security incidents. Box presents a unique opportunity to be a part of building our global security team at massive scale. We have built a world-class group with some amazing talent and this is a unique opportunity to grow with us. We need a Security Analyst with experience fighting security fires, who is comfortable being uncomfortable, and is willing to run point on incidents. You're passionate about helping the team better understand your areas of expertise and interest, and to share your knowledge in a collaborative environment that focuses on enabling the team to share their unique skills and perspectives. - Responding and investigating security alerts - Recognising trends in alerts to help strengthen Box's security posture and provide suggestions for enhanced alerts, detection coverage and automation - Executing and delivering work towards long-term goals and initiatives to support Box's overall security posture - Adapting to change and effectively organising work according to business priorities - The documentation of process and procedures Qualifications - Bachelor's degree in a technical engineering or IT related field or equivalent experience - A pulse on the tools, tactics and procedures the bad guys are using today and what they'll be using tomorrow. This includes Splunk, Burp Suite, etc. - Experience with formal security models like MITRE ATT&CK or CIS Critical Security Controls - You work well with the unpredictable, ever changing threat landscape that exists in cybersecurity - You can perform independently to collect data, perform analysis, and research findings to determine if abuse or exploitation occurred - Enthusiasm and passion for Cyber Security - Experience in three or more of the following: - Cloud Security - we're a cloud company! - System Security - MacOS/Linux/Windows - Network Security - IDS, PCAP - Malware Analysis & Forensics - Incident Response - Signature/Alerting Creation - Tools of the trade including RegEx, YARA - Scripting - We like Python but other languages like Golang are cool too - SIEM/Log Aggregation/Data Analytics/Query languages - Splunk SPL, Lucene, SQL, Elk DSL - Networking and Security certifications a plus - Cybersecurity Boot Camp experience/completion a plus - Familiarity with AI tools and AI security - Excellent communication skills Requirements - Must be willing to work a shift schedule (4 days x 10 hours, 1 weekend day) Benefits - Pension, medical and dental coverage - Robust wellness program including 25 days of vacation (plus your birthday off!) - Subsidized gym membership Equal Opportunity We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability, and any other protected ground of discrimination under applicable human rights legislation.

EMEA
Full TimeRemoteTeam 201-500Since 1999H1B No Sponsor

• Monitor and investigate security alerts and events across security tooling, cloud environments, business systems, and applications. • Support incident response activities including detection, analysis, containment, eradication, recovery, and lessons learned. • Develop and improve security monitoring, alerting, playbooks, and operational procedures. • Assist with threat hunting and proactive identification of security risks and suspicious activity. • Maintain awareness of emerging cyber threats, vulnerabilities, and attack techniques relevant to SaaS businesses. • Own day-to-day vulnerability management activities across infrastructure, cloud platforms, applications, and endpoints. • Work with technology teams to prioritise and coordinate remediation activities. • Track vulnerabilities through to resolution and provide reporting on remediation performance. • Support penetration testing activities and coordinate remediation of findings. • Support the security of cloud environments and SaaS platforms through implementation and monitoring of security controls. • Assist with identity and access management initiatives, including privileged access management, role-based access control, and identity governance. • Review cloud security recommendations and assist with remediation activities. • Partner with engineering teams to support secure software development practices. • Assist with the identification, triage, and remediation of application security vulnerabilities. • Support security testing activities including SAST, DAST, dependency scanning, and secrets detection. • Contribute to threat modelling and secure design discussions where appropriate. • Support the continued operation and improvement of the Information Security Management System (ISMS). • Assist with security audits, compliance activities, evidence collection, and control reviews. • Contribute to the development and maintenance of security policies, standards, procedures, and guidance. • Support risk assessments and assist with tracking risk treatment activities. • Help maintain compliance with frameworks and standards including ISO 27001 and applicable data protection requirements. • Respond to customer and prospect security questionnaires and due diligence requests. • Conduct security reviews of suppliers, partners, and third-party services.

United Kingdom