Senior Security Analyst

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.COMPANY OVERVIEWAt Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities.You will be part of the InfoSec team with a mission to build, maintain, and continuously improve our Information Security program, providing peace of mind and assurance of protection and safety to our customers. Our team is hands-on, with a strong problem-solving mindset, capable of thinking holistically about implementation and providing solutions to address our customers' long-term challenges. We work hard and play hard, enjoying various indoor and outdoor activities organized by the company, allowing you to focus, collaborate, and unleash your creativity.ROLE:We are looking for a Senior Security Analyst to join our InfoSec team. This role will help drive various GRC activities which include supporting prospect and customer security questions, maintaining security policies, supporting security audits and assessments and driving new security certifications/compliance initiatives.WHAT YOU WILL DO WITH USLead and support compliance initiatives across global and regional frameworks including SOC 1/SOC 2, ISO 27001, IRAP, PCI-DSS, SecNumCloud, Cyber Essentials Plus (CE+), BSI C5, NIST 800-53Evaluate technical controls across the technology stack, including all layers of the TCP/IP model (e.g. network segmentation, firewall rulesets, TLS/SSL configuration, IDS/IPS, access controls, application security, encryption in transit/at rest, cloud security configurations), and translate security requirements into actionable guidance for engineering and infrastructure teams.Drive and manage customer security audits, security questionnaires, and contract reviews with a primary focus on the EMEA region. Participate in the negotiation and review of French contracts to ensure alignment with security and compliance obligations.Attend prospect and customer meetings and effectively present Ivalua’s security architecture and control information to them.Lead or support internal and third party security risk management processes, including risk identification, analysis, scoring, treatment planning, and ongoing monitoring.Support continuous compliance monitoring activities using manual and automation and GRC tooling to maintain control effectiveness, generate evidence, and ensure audit readiness.Own execution and coordination of key security and availability controls such as Business Impact Analysis (BIA), Disaster Recovery testing, security incident response exercises, access reviews, etc.YOUR PROFILEIf you have the below experience and strengths this role could be for you:Skills and Experience:At least 4 years of experience as Security Analyst GRCStrong working knowledge of security, risk, and compliance frameworks (e.g. NIST CSF & 800-53, ISO 27001, SOC, HITRUST, HIPAA, PCI-DSS, GDPR)Direct experience managing audits, self-assessments, or risk assessments against one or more InfoSec frameworks listed aboveExperience performing or supporting security risk management processes (risk assessments, risk registers, business impact analysis)Familiarity with continuous compliance and monitoring platformsGood understanding of cloud platforms (Azure, AWS, GCP) and ability to discuss security architecture and control implementation with technical teamsKnowledge and experience working with IT and security personnel as well as security concepts across all layers of technology (network, infrastructure, web applications, cloud environments)Knowledge of risk and security industry literature and knowledge bases (e.g. OWASP, MITRE ATT&CK, NIST 800-39)Relevant audit and/or Information Security certifications (e.g. CISSP, CISA, CISM, Azure Cloud Security) are desiredPrior experience at a Big 4 firm or in a security/compliance function in a cloud/SaaS environment is a plusSoft Skills:Excellent interpersonal, communication, and organizational skills. Ability to communicate efficiently and professionally in both French and English, including in contractual, regulatory, and technical contextsDemonstrated ability to work across geographically distributed teams and with external vendors, auditors, or regulators.Strong organizational skills and attention to detail; able to manage multiple competing priorities in a fast-paced environmentHigh degree of initiative, self-motivation, and ability to work independently with limited supervisionWHAT HAPPENS NEXTIf your application fits this specific position’s needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals – apply todayOur Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support youOur recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role.Interviews will be conducted virtually via video or on-site with face-to-face meetings.LIFE AT IVALUAHybrid working model (3 days in the office per week)We're a team dedicated to pushing the boundaries of product innovation and technologySustainable Growth, Privately HeldA stable and cash-flow positive Company since 10 yearsSnacks and weekly lunches in the officeFeel empowered to pursue your goals with improved team collaboration and increased creativity/productivityUnlock and unleash your full professional potential with our exceptional training and career development programJoin a dynamic and international team of top-notch professionals who are experts in their respective fieldsCollaborate with like-minded individuals who are deeply passionate and highly motivated about their workExperience a truly diverse and inclusive work environment where your unique contributions are highly valuedRegular social events, competitive outings, team running events, and musical activitiesUnited by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. https://www.linkedin.com/company/ivalua/about/Experience life at Ivalua - check out our captivatingvideo Gain insight into our unique company culture and get a glimpse of what it's like to work with us.#LI-MV1#LI-HYBRIDCreate a Job AlertInterested in building your career at Ivalua? Get future opportunities sent straight to your email.Apply for this job*indicates a required fieldFirst Name *Last Name *Email *PhoneResume/CV *Enter manuallyAccepted file types: pdf, doc, docx, txt, rtfEnter manuallyAccepted file types: pdf, doc, docx, txt, rtfHow did you hear about Ivalua? *How many years of experience do you have as a Security Analyst - GRC? *Please share an overview of your role as Security Analyst - GRC *This role will require a Hybrid work schedule of 3 days of the week working in the office - Tuesday and Thursday in the office is required with the 3rd day based on Department preference. Are you able to work this Hybrid work schedule? * Select...What is your expected Base Salary (not including bonus) for this position? A narrow range or single number is greatly appreciated. *Do you now, or will you in the future, require sponsorship or a work permit to work legally for our Company? * Select...If YES to requiring sponsorship, what is the basis of the current work authorization AND when does the work authorization expire? #J-18808-Ljbffr