Senior Information Security Analyst
ABOUT VTS
VTS is changing the way that commercial real estate (CRE) is done—disrupting a $15 trillion industry by becoming the modern operating system for CRE. We invented the category of leasing and asset management, which allows landlords and brokers to take their entire leasing process online to maximize revenue and performance. Last year, we launched the fastest adopted new product in proptech, VTS Market. Rise Buildings by VTS is leading an entirely new category of software - tenant experience. We also recently launched VTS Data, already getting front-page references in the Wall Street Journal and quoted by Reuters, The Real Deal, Commercial Observer, and many more. Our success shows in our numbers—we hit "Unicorn" status in 2019 and today we have over 12 billion square feet of commercial space managed on VTS on 80,000 buildings in 34 countries, and we’ve expanded to over 400 employees globally. It’s an exciting time to join the VTS team as we continue to grow rapidly and break records.
Our headquarters are in NYC, but we have major hubs in other cities including Chicago, IL, Toronto, CA, London, UK, San Francisco, CA, and Austin, TX.
Learn more at vts.com, risebuildings.com, or follow us on Instagram (@WeAreVTS), Twitter (@WeAreVTS), or LinkedIn.
Our mission is to be Commercial Real Estate’s modern operating system, the place where deals happen, customer relationships are nourished, and real-time market data comes to life.
We are looking for a Senior Information Security Analyst with experience in a variety of control activities that include security engineering, oversight, compliance & projects.
You would be joining the Information Security team, which develops & executes the vision & strategy protecting VTS and our customers, by managing security, privacy and compliance risks. This role provides important guidance to internal teams and to customers, managing and executing important aspects of the security program.
You'll be a critical part of our growing company, working on a cross-functional team to implement best practices and raising the bar in people, process and technology. You’ll have the chance to work in an open and collaborative environment, receive and give hands-on mentorship and make a significant impact on our business’ next phase of growth.
What Makes This Job Awesome?
- Lead the execution of large parts of VTS’s Information Security program, including
- Conducting the quarterly entitlement review process
- Managing the Issue, Risk & Exception tracking process
- Maintaining the master vendor list, including
- Assist in scoping, managing & executing large risk assessments
- Strategic business efforts, new product launches, strategic vendor relationships
- Scoping, Security services vendor management & contract negotiation (where 3rd parties are engaged to perform assessments)
- Stakeholder interviews
- Opportunity to drive significant issue or risk remediation projects, potentially including
- Product security enhancements
- Remediating risks identified from risk assessments or audits
- Leading penetration testing efforts (vendor evaluation, communicating project timelines across internal product teams, reporting on status, etc.)
- Develop & leverage extensive experience in the SOC2 framework & audit process by
- Gathering and producing documentation, such as screenshots, policy captures, etc. for the yearly audit process
- Working with stakeholders to close any gaps identified during the audit process
- Integrating acquired companies in to the audit cycle, including vendor negotiation, gap analysis & remediation planning
- Meaningfully contribute to the sales cycle by managing the client security inquiry process
- Responding to questions where standardized documentation is not sufficient for client asks, or is beyond Sales teams’ capabilities
- Updating available documentation as/when necessary
- Occasionally participating in client-facing security discussions
- Partner across the organization for important, time-sensitive investigations & resolutions for Security Incidents
- Incident Management
- Reporting & Insights
- Process Health
- Opportunity to mentor and coach less experienced team members
- Opportunity to develop technical understanding with expert cloud engineers, software developers and product managers
What Makes You a Great Fit?
- Ability to thrive in a growth environment with a high degree of autonomy
- 5+ years experience in security, compliance, risk or audit, covering a wide area of technologies and control domains
- Ability to work across functions to solve problems
- Experience with control frameworks and compliance requirements such as SOC2, ISO 27001, GDPR, CCPA
- Experience presenting compliance requirements to technical audiences
- Thrives in a varied and dynamic environment and works well with ambiguity
- One or more Information security certifications, including, but not limited to CISSP, CISA, CISM, Security+
Nice to Have:
- Understanding of cloud concepts or technologies, especially AWS
What VTS Values & How We Show It:
- Strive for Excellence - We know your potential is unlimited. Take advantage of our executive coaches and our training and career development programs available to all employees!
- Be Customer Obsessed - We’re employee obsessed too! VTS offers competitive compensation, comprehensive health benefits (including dental and vision), pre-tax commuter benefits, and a 401(k) plan. Not to mention the fun stuff - monthly happy hours, wellness events, clubs, and team lunches!
- Be Curious - Benefit from a culture that promotes new learning. VTS offers an education stipend to all employees!
- Move as One - We work in an open floor plan to promote cross-functional collaboration.
- Take Ownership - Be an owner of the company you’re building with our equity packages.
- Appreciate the Difference - VTS embraces and celebrates diversity. We understand the importance of a strong work-life balance. We offer a flexible PTO policy, generous family leave program, and more!
VTS embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.
All your information will be kept confidential according to EEO guidelines.