Mid-Senior Information Security Analyst - Remote GRC Role

About the Role

We’re hiring a Mid-Senior Information Security Analyst to join XBOW, a pioneering company in the cybersecurity space. This remote role focuses on Governance, Risk & Compliance (GRC), where you will play a crucial part in scaling our security and trust function. As an Information Security Analyst, you will support customer and prospect security reviews, assess third-party vendor risk, and continuously improve our risk management processes.

What You'll Do

• Support customers and prospects by completing technical security questionnaires, risk assessments, and due diligence requests.
• Partner with Sales and Customer teams to explain XBOW’s security controls, architecture, and compliance posture.
• Assess and manage third-party and vendor security risk, including reviews of SaaS providers and service partners.
• Help maintain and improve risk assessment frameworks, methodologies, and documentation.
• Track and support remediation of identified risks in collaboration with internal stakeholders.
• Contribute to compliance initiatives aligned with frameworks such as SOC 2 and ISO 27001.
• Maintain clear, well-structured risk registers, policies, and supporting evidence.
• Coordinate risk management sessions and processes.
• Identify opportunities to streamline and automate risk and compliance processes as the company scales.
• Support audits, customer reviews, and internal assurance activities as needed.

Requirements

• 3–5+ years of experience in risk, compliance, security assurance, or related roles.
• Hands-on experience completing or reviewing technical security questionnaires and customer risk assessments.
• Familiarity with common security and compliance frameworks (e.g., SOC 2, ISO 27001, NIST, FedRAMP).
• Comfortable assessing technical controls and working with engineers to understand system architecture.
• Experience conducting or supporting vendor/third-party risk assessments.
• Strong written communication skills, with the ability to explain complex security concepts clearly.
• Highly organized and detail-oriented, with a pragmatic approach to risk.
• Comfortable working in a fast-moving, remote-first startup environment.

Nice to Have

• Experience working in a SaaS or security-focused company.
• Security or risk certifications (e.g., CRISC, SOC2, ISO 27001 Lead Implementer, FedRAMP).
• Experience supporting a company through audit readiness or first-time compliance efforts.

What We Offer

• Competitive salary and meaningful stock options.
• Opportunity to learn from and collaborate with top security and AI experts.
• Work on complex technical challenges that support the foundation of our company.
• Remote-first work environment with regular opportunities to meet in person.

What Else You Should Know

This is a full-time remote position, preferably for candidates located on the US East Coast. Join us in shaping the next frontier of autonomous security!