GRC and Infosec Specialist (Technical)
About Anybill Financial Services:
Established in 2001 and now known as the world's largest tax payment processor, Anybill is a software-as-a-service company that offers end-to-end accounts payable and tax payment automation. Customer service is an important cornerstone of Anybill's success. We strive to create first-class relationships with clients and to be recognized as reliable, honest, hardworking staff who exhibit confidence and display knowledge within the tax and AP world.
Professionalism and quality of work are extremely important, as this is a high-risk industry. The individual will be working with Executives, Directors, and Accountants of Fortune 500 companies across the world, in addition to well-known non-profit organizations across the country and right here in Washington, DC.
Description
The GRC and Infosec Specialist (GIS) is responsible for adapting and evolving the compliance program at Anybill and assisting with the day-to-day operations of securing the firm's various information assets. Reporting to the Director of IT Operations (DITO), the GIS will be responsible for maintaining and evolving the Governance, Risk, and Compliance (GRC) program within Anybill. Additionally, the GIS is tasked with providing technical expertise in the areas of enterprise, network, system, and application security. The GIS works closely with the various teams in the Information Technology department to ensure that systems and networks are always designed, developed, deployed, and managed with an emphasis on strong, effective security and risk management controls. The GIS may be responsible for the management, provisioning, and configuration of information system solutions throughout the enterprise; this may include limited administrative privileges. The GIS takes part in the firm's vulnerability management program, observes the annual cybersecurity assessments and penetration tests, and researches and reports on emerging threats to help the firm take pre-emptive risk mitigation steps. The GIS effectively correlates and analyzes security events within the context of Anybill's unique environment to proactively detect threats and mitigate attacks before they occur. Formal and thorough documentation around all aspects of this role is expected.
Key Responsibilities:
Governance:
- Develop, implement, and maintain policies, procedures, and standards to align with organizational objectives and industry best practices.
- Monitor and enforce compliance with established governance frameworks, ensuring consistency across departments.
- Provide strategic recommendations to leadership on improving governance processes.
Risk Management:
- Conduct risk assessments to identify vulnerabilities and threats across systems, applications, and operations.
- Develop and maintain a risk register, including mitigation strategies and residual risk analysis.
- Collaborate with cross-functional teams to address identified risks and monitor remediation efforts.
Compliance:
- Ensure compliance with relevant regulations and standards such as GDPR, HIPAA, ISO 27001, SOC 2, and others applicable to the SaaS industry.
- Oversee compliance program controls, including coordination of scheduled compliance activities with relevant stakeholders (e.g., access report reviews, log reviews, and annual assessments).
- Manage internal and external audit processes, preparing documentation and coordinating responses to findings.
- Use scripting and query languages to aggregate and abstract reports relevant to audit reporting.
- Lead training initiatives to promote awareness of compliance requirements and practices.
- Compose internal and customer-facing documents relevant to compliance and security.
Information Security:
- Oversee the implementation and maintenance of security controls for internal applications and office infrastructure.
- Collaborate with IT and DevOps teams to ensure secure configurations, timely patch management, and robust access controls.
- Perform regular security assessments, including penetration testing, vulnerability scanning, and incident simulations.
- Develop and maintain incident response plans and oversee their execution during security events.
- Aggregate and compile management reports related to security events and mitigations.
Security Operations:
- Triage security incidents and alerts.
- Integrate relevant data feeds into SecOps oversight.
- Adapt SecOps program to threats and governance requirements.
- Aggregate incident and event data into dashboards and reports for various stakeholders.
Technology Administration:
- Assist in the design and administration of security tools such as SIEM, endpoint protection, and identity access management systems.
- Provide technical expertise in the evaluation and implementation of new technologies to enhance security and compliance.
- Support cloud and on-premises system configurations to ensure alignment with security and compliance requirements.
- Produce documentation of the processes and procedures related to technical operations.
- Use scripting and query languages to deploy and administer endpoint configurations and report on their dispositions.
Qualifications:
- Bachelor's degree in information technology, cybersecurity, risk management, or a related field preferred. Relevant certifications (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer) are a plus.
- Experience in GRC, Information Security, or a related role within a financial services, SaaS, or technology-focused environment.
- Demonstrated knowledge of regulatory frameworks, standards, and best practices relevant to SaaS and processing operations.
- Strong technical aptitude in areas such as network security, cloud technologies (AWS, Azure, or GCP), application security, and technical administration.
- Proficiency with security tools and platforms such as SIEM, vulnerability management, and endpoint protection.
- Excellent analytical, organizational, and communication skills, with the ability to translate technical concepts into actionable recommendations.
- Scripting and query language experience (PowerShell, MS SQL, Kusto, Regex).
Preferred Skills:
- Experience with DevOps security principles and secure software development lifecycle (SDLC) practices.
- Familiarity with data privacy laws and frameworks, including implementing and managing data protection programs.
- Hands-on experience with auditing and reporting tools to streamline compliance tracking and reporting.
Requirements:
- Full-time on-site to start (may offer flexibility once established).
- Secure remote working environment, both physically and logically.
- Internet connectivity
- Personal Smart Phone capable of running Anybill-managed applications (Authenticator, email, messaging, physical security access).
Compensation:
Salary – Commensurate with skills and experience.
Benefits:
Standard Company Benefits
Location
Bethesda, MD or Herndon, VA
Contact Info
For immediate consideration, please submit resume and salary history to: careers@anybill.com
EOE M/F/D/V