Information Security Analyst / Engineer

Information Security Analyst / Engineer GRC & Customer Assurance – Mid-Level Location: Atlanta, GA Experience: 5+ years in Information Security, GRC, or related IT discipline Level: P18 Role Summary Foxit is seeking a mid-level Information Security Analyst / Engineer to support the protection of company information assets while enabling business growth through strong governance, risk, compliance, and customer assurance practices. This role will partner closely with Sales, Customer Success, Legal, IT, Engineering, and business teams to support customer security requirements, manage audit readiness, strengthen GRC processes, and help maintain Foxit’s Information Security Management System. The ideal candidate can translate technical security controls into clear, business-friendly language and support both internal security operations and external customer assurance needs. Key Responsibilities Customer & Business Security Support Respond to customer security questionnaires, RFIs, RFPs, audits, and due diligence requests Partner with Sales, Customer Success, and Legal to address security and compliance requirements during pre-sales and post-sales cycles Maintain a centralized library of security documentation, including policies, certifications, architecture diagrams, and standard responses Clearly communicate security controls, risks, and compliance posture to customers and business stakeholders Governance, Risk & Compliance Support and improve GRC processes aligned with ISO 27001, NIST CSF, SOC 2, and other relevant frameworks Help maintain and mature Foxit’s Information Security Management System Conduct risk assessments and support risk treatment and remediation plans Manage security control documentation, testing, and evidence collection Support policy lifecycle management, including creation, review, approval, and enforcement Coordinate with control owners across IT, Engineering, HR, Finance, Legal, and Operations Assist with GRC tool implementation and optimization, such as Vanta, Drata, OneTrust, or ServiceNow GRC ISO 27001 & Audit Readiness Support ISO 27001 certification, surveillance audits, and ongoing compliance activities Coordinate audit evidence collection, control validation, and audit responses Work with internal teams, external auditors, and certification bodies to maintain audit readiness Identify opportunities to improve ISMS maturity and compliance efficiency Third-Party & Vendor Risk Conduct security assessments of vendors, partners, and third parties Review vendor security documentation, certifications, and risk posture Support vendor onboarding and ongoing monitoring processes Partner with Procurement and Legal to define and enforce security requirements in contracts Security Operations & Engineering Support Monitor, investigate, and support response to security events and incidents Assist with security tooling, including SIEM, EDR, IDS/IPS, firewalls, and vulnerability management tools Support vulnerability assessments and coordinate remediation with technical teams Contribute to incident response planning, tabletop exercises, and playbook development Review system architectures for security risks and compliance alignment Support cloud, on-premises, DevSecOps, and secure SDLC initiatives Reporting, Awareness & Documentation Develop and maintain security policies, standards, procedures, and training materials Track and report KPIs/KRIs related to risk, compliance, audit readiness, and security posture Support security awareness programs across the organization Required Qualifications 5+ years of experience in Information Security, GRC, IT Risk, Security Operations, or a related discipline Experience responding to customer security questionnaires, RFIs, RFPs, or audit requests Working knowledge of security frameworks such as ISO 27001, NIST CSF, NIST 800-53, and SOC 2 Experience supporting audits, control testing, evidence collection, and compliance validation Strong understanding of risk assessment, control design, vulnerability management, and incident response Ability to translate technical security concepts into clear, business-facing communication Strong documentation, project coordination, and stakeholder management skills Familiarity with Windows, Microsoft 365, macOS, identity and access management, encryption, and cloud security fundamentals Preferred Qualifications Bachelor’s degree in Computer Science, Information Security, IT, or a related field, or equivalent practical experience Experience with GRC platforms such as Vanta, Drata, OneTrust, or ServiceNow GRC Direct involvement in ISO 27001 certification or surveillance audit cycles Experience with vendor or third-party risk management programs Familiarity with GDPR, HIPAA, PCI-DSS, NIS2, or similar regulatory frameworks Experience with AWS, Azure, or GCP environments Participation in incident response tabletop exercises or organization-wide security training Preferred Certifications CISSP, CISM, CISA, or ISO 27001 Lead Implementer / Lead Auditor GIAC certifications such as GSEC, GCIH, GCIA, or GCSA CompTIA Security+ or CySA+ Cloud security certifications such as CCSP, AWS Security Specialty, or AZ-500