Marigold helps brands foster customer relationships through the science and art of connection. Marigold Relationship Marketing is a suite of world-class martech solutions that help marketers create long-term customer love and loyalty. Marigold provides the most comprehensive set of use cases for marketers at any level. Headquartered in Nashville, Tennessee, Marigold has offices globally across the United States, Europe, Australia, New Zealand, South America and Central America, as well as in Japan.
At Marigold we are committed to accommodating the email marketing needs of growing companies, which is the philosophy behind our continuous additions of innovative marketing technologies. We have an opportunity for a Governance, Risk, and Compliance (“GRC”) Analyst to join our global Security Risk Team, helping Marigold to realize its mission by addressing key security and compliance challenges in our global Security Program, and to build trust with customers and prospects.
We are looking for a talented and motivated individual who wants to take the next step in their information security career. The ideal candidate will have excellent communication skills, a working knowledge of current information security related compliance frameworks, and experience in designing and assessing information security controls across a broad range of domains including, but not limited to, asset management, third party security, logical access, and other related domains.
You will join the team as an individual contributor whose primary focus is supporting Marigold’s Information Security program through the execution of security assurance and compliance activities, including ISO 27001, SOC 2, and other compliance audits. Additional responsibilities include providing technical security advisory support to our sales and support teams when dealing with requests for information from Marigold’s customers and prospects.
This role will report to the Security Risk and Compliance Manager.
Support ongoing external audit activities (SOC 1, SOC 2, ISO 27001)
Respond to customer security questionnaires
Participate in customer / prospect security meetings
Plan, manage and execute on technology and security assurance activities (user reviews, process and technical assessments)
Participate as a member of the Information Security team to ensure all the latest security capabilities and features are accurately represented
Learn and evaluate the business environment and its associated risks. Influence change across other teams to improve the organizational security posture
Represent the Information Security team through interactions with other internal business teams (Product, Engineering, Finance, Sales, Client Support, etc.)
Develop expertise on Marigold’s products and services from a security lens
Direct experience contributing to independent audit or compliance responses and security questionnaire responses
Direct experience with IT risk management activities; participating in risk assessments, business impact analysis, etc.
Demonstrated strong verbal communication and presentation skills; this role must communicate effectively across a wide range of stakeholders
Working knowledge gained from direct experience in the following areas:
security questionnaire formats e.g. SIG, CAIQ, etc.
IT risk management activities - participating in risk assessments, business impact analysis, etc.
Functional understanding of the following Information Security related areas:
Concepts including, but not limited to, security policy management and governance, data and transmission encryption, network and endpoint security, identity management and user access principles.
Technologies including, but not limited to, firewalls & WAFs, encryption, remote access systems, MFA
Audit and compliance standards (SOC, ISO 27001)
Direct experience interpreting customer questions and mapping them to industry standard controls
Direct experience working with questionnaire library products e.g. Loopio, Whistic, etc.
Direct experience working within a SaaS organization / environment
Direct experience working within the Prerequisite Knowledge - Functional Understanding areas
Industry relevant certifications (ISC2, ISACA, SANS)
Functional understanding of privacy legislation and requirements such as GDPR, CCPA
Degree qualified in a related IT discipline
What We Offer:
Competitive salary and benefits including: medical/dental/vision, life and accident insurance
Unlimited PTO (we call it Open Time Away) and a generous paid holiday schedule
401k plan with a company match on your contributions
Supportive work environment with flexible work hours
Paid parental leave
Opportunities to ensure you are always learning and growing