Cybersecurity Compliance Analyst

About Us: At Kobalt.io, our mission is to solve cybersecurity for SMBs at scale. We believe small businesses are the engine behind innovation and growth. Understanding the challenges that our customers have enables us to design and refine scalable cybersecurity services that support a secure path to growth. This is reflected in everything we do, from the programs we build to the partnerships we have developed with companies such as Vanta, Prescient, and Sumo Logic.

Role Overview: Kobalt.io is an equal-opportunity employer seeking passionate security professionals. The Compliance Analyst is an integral part of Kobalt’s security client-facing delivery team. This role involves tailoring cybersecurity protocols (policies, procedures, and protocols) to support client security journeys. Compliance Analysts also assist vCISOs with security assessments and technical implementation projects. Furthermore, the Compliance Analyst will provide security education and conduct regular phishing tests for clients. As a certified Vanta partner, the Compliance Analyst will utilize the Vanta platform to expedite client compliance as part of the security program. This is an excellent opportunity for candidates with GRC experience to expand their knowledge by working with clients of all sizes, in various industries, with different environments and challenges! This remote role is located in the Philippines.

Responsibilities:

• Assist vCISOs in executing elements and projects, such as risk assessments, within a security program
• Work directly with clients to understand their operations and tailor security policies and procedures that are fit for the organization
• Serve as subject matter expert of Kobalt’s security education platform
• Design and deploy phishing tests to clients regularly
• Provide compliance audit readiness support as required
• Provision, implement, and manage Vanta, or a similar GRC platform, for clients
• Build new tools and techniques to compress human-intensive tasks into work that can be achieved in a fraction of the time
• Document best practice procedures for commonly used technologies for the standardization of deployment
• Identify system misconfigurations and draw up recommendations for clients, and assist where necessary
• Collaborate with team members to assist with improvements, discovery, and production of creative and insightful security use-cases
• Capture regular metrics highlighting key activities, measurable accomplishments, and blockers
• Support the design and development of Kobalt’s service offerings through insightful feedback and a positive attitude as a contributing member of our security delivery team
• Help drive improvements in our best-in-class security services through the creation of knowledge-base articles and services documentation
• Respond to and engage our customers through our ticket system, chat, email, phone, or other mediums as required

Qualifications:

• 1-2 years of experience in Security Technologies, Information Security, Business Resilience, Technology Risk or related fields
• External-facing client experience
• Can work independently and with teams to identify and resolve challenges and overcome roadblocks.
• Ability to communicate effectively, both verbally and in writing, with clients and internal audiences
• Understanding of cybersecurity domains, including Security Operations (on-premise and cloud), Security Engineering, Information Risk Management, etc.
• The ability to articulate secure best practices of various aspects of information risk management in the context of people, processes and technology
• Report Writing: Emphasis on Spelling, Grammar, Word usage, and the ability to write a summary that answers the Who, What, Where, When, How, and, to the best of your ability, Why.
• Strong communication skills: Be able to perform summarization and commonality detection and "connect the dots" so that a group of facts is turned into contextual information. Then take that contextual information and determine if it proves your hypothesis right or wrong.
• Ability to quickly learn and adapt security best practices to a wide variety of technologies in use by clientele

Nice to have:

• Intermediate coding/scripting skills to help automate processes and scale implementation efforts
• Be familiar with technical system access controls, how to apply them, and what benefits are gained from controls.
• Ability to provide on-the-job training and knowledge sharing to other team members
• Solid sense of integrity and identification with the mission.
• Strong intuition and ability to think “outside the box”
• Attention to detail while seeing the bigger picture

Benefits:

• Competitive salary and benefits package
• Flexible work arrangements
• Professional development opportunities
• Fun and inclusive company culture