Information Security Analyst / EngineerGRC & Customer Assurance - Mid-LevelLocation: Atlanta, GA
Experience: 5+ years in Information Security, GRC, or related IT discipline
Level: P18
Role SummaryFoxit is seeking a mid-level Information Security Analyst / Engineer to support the protection of company information assets while enabling business growth through strong governance, risk, compliance, and customer assurance practices.
This role will partner closely with Sales, Customer Success, Legal, IT, Engineering, and business teams to support customer security requirements, manage audit readiness, strengthen GRC processes, and help maintain Foxit's Information Security Management System.
The ideal candidate can translate technical security controls into clear, business-friendly language and support both internal security operations and external customer assurance needs.
Key ResponsibilitiesCustomer & Business Security Support- Respond to customer security questionnaires, RFIs, RFPs, audits, and due diligence requests
- Partner with Sales, Customer Success, and Legal to address security and compliance requirements during pre-sales and post-sales cycles
- Maintain a centralized library of security documentation, including policies, certifications, architecture diagrams, and standard responses
- Clearly communicate security controls, risks, and compliance posture to customers and business stakeholders
Governance, Risk & Compliance- Support and improve GRC processes aligned with ISO 27001, NIST CSF, SOC 2, and other relevant frameworks
- Help maintain and mature Foxit's Information Security Management System
- Conduct risk assessments and support risk treatment and remediation plans
- Manage security control documentation, testing, and evidence collection
- Support policy lifecycle management, including creation, review, approval, and enforcement
- Coordinate with control owners across IT, Engineering, HR, Finance, Legal, and Operations
- Assist with GRC tool implementation and optimization, such as Vanta, Drata, OneTrust, or ServiceNow GRC
ISO 27001 & Audit Readiness- Support ISO 27001 certification, surveillance audits, and ongoing compliance activities
- Coordinate audit evidence collection, control validation, and audit responses
- Work with internal teams, external auditors, and certification bodies to maintain audit readiness
- Identify opportunities to improve ISMS maturity and compliance efficiency
Third-Party & Vendor Risk- Conduct security assessments of vendors, partners, and third parties
- Review vendor security documentation, certifications, and risk posture
- Support vendor onboarding and ongoing monitoring processes
- Partner with Procurement and Legal to define and enforce security requirements in contracts
Security Operations & Engineering Support- Monitor, investigate, and support response to security events and incidents
- Assist with security tooling, including SIEM, EDR, IDS/IPS, firewalls, and vulnerability management tools
- Support vulnerability assessments and coordinate remediation with technical teams
- Contribute to incident response planning, tabletop exercises, and playbook development
- Review system architectures for security risks and compliance alignment
- Support cloud, on-premises, DevSecOps, and secure SDLC initiatives
Reporting, Awareness & Documentation- Develop and maintain security policies, standards, procedures, and training materials
- Track and report KPIs/KRIs related to risk, compliance, audit readiness, and security posture
- Support security awareness programs across the organization
Required Qualifications- 5+ years of experience in Information Security, GRC, IT Risk, Security Operations, or a related discipline
- Experience responding to customer security questionnaires, RFIs, RFPs, or audit requests
- Working knowledge of security frameworks such as ISO 27001, NIST CSF, NIST 800-53, and SOC 2
- Experience supporting audits, control testing, evidence collection, and compliance validation
- Strong understanding of risk assessment, control design, vulnerability management, and incident response
- Ability to translate technical security concepts into clear, business-facing communication
- Strong documentation, project coordination, and stakeholder management skills
- Familiarity with Windows, Microsoft 365, macOS, identity and access management, encryption, and cloud security fundamentals
Preferred Qualifications- Bachelor's degree in Computer Science, Information Security, IT, or a related field, or equivalent practical experience
- Experience with GRC platforms such as Vanta, Drata, OneTrust, or ServiceNow GRC
- Direct involvement in ISO 27001 certification or surveillance audit cycles
- Experience with vendor or third-party risk management programs
- Familiarity with GDPR, HIPAA, PCI-DSS, NIS2, or similar regulatory frameworks
- Experience with AWS, Azure, or GCP environments
- Participation in incident response tabletop exercises or organization-wide security training
Preferred Certifications- CISSP, CISM, CISA, or ISO 27001 Lead Implementer / Lead Auditor
- GIAC certifications such as GSEC, GCIH, GCIA, or GCSA
- CompTIA Security+ or CySA+
- Cloud security certifications such as CCSP, AWS Security Specialty, or AZ-500
