Information Security Analyst (Vendor Risk & Cyber Compliance)

Smarsh is the leader in communications compliance, archiving, and analytics. We provide compliance across the broadest set of communications channels with insights on what’s being captured. Smarsh customers manage over 500 million daily conversations across 80 channels and growing. Customers include the top 10 U.S., top 8 European, top 5 Canadian, and top 3 Asian banks. The Smarsh advantage is customers stay ahead of compliance and uncover patterns and relationships hidden within their data.

Smarsh is the leader in communications compliance, archiving, and analytics. We provide compliance across the broadest set of communications channels with insights on what’s being captured. Smarsh customers manage over 500 million daily conversations across 80 channels and growing. Customers include the top 10 U.S., top 8 European, top 5 Canadian, and top 3 Asian banks. The Smarsh advantage is customers stay ahead of compliance and uncover patterns and relationships hidden within their data.

About the Role

As an Information Security Analyst at Smarsh, you will be responsible for evaluating the cybersecurity and third-party risk posture of our clients within highly regulated industries. Utilizing our advanced Vendor Risk Management (VRM) and Cybersecurity Compliance platforms, you will ensure that vendor environments meet rigorous security standards.

Your Mission: Identify and mitigate risks within third-party environments by meticulously reviewing security documentation and assessments. By combining expert analysis with automated monitoring, you provide the visibility needed to safeguard sensitive data and neutralize liabilities before they emerge.

Primary Responsibilities

• Strategic Risk Advisory: Review vendor risk by evaluating security assessments and documentation; deliver actionable recommendations to strengthen client risk postures.
• Technical Security Assessments: Conduct comprehensive vulnerability scans and penetration tests for Smarsh customers using industry-leading, off-the-shelf security tools.
• Vulnerability Reporting: Produce detailed technical reports that categorize vulnerabilities and provide actionable remediation strategies to help clients resolve security gaps.
• Client Relationship Management: Serve as a subject matter expert and primary point of contact, guiding clients through platform features and cybersecurity best practices via phone and email.
• Operational Leadership: Manage regular client engagements, deliver high-quality due diligence reports, and contribute to the continuous improvement of Smarsh VRM team operations.

Requirements & Qualifications

Experience & Certifications

• 3–5 years of professional experience specifically within Vendor Risk Management or Information Security .
• Relevant industry certifications are highly desirable (e.g., CTPRP, CISA, CISM, CRISC ).

Technical Proficiency

• Security Tooling: Familiarity with tools such as Nessus, Metasploit, or Cobalt Strike .
• Core Fundamentals: Strong understanding of TCP/IP networking , server administration, and cybersecurity controls (processes, procedures, and policies).
• Software: Proficient in Salesforce CRM , Microsoft Office Suite, and MS Teams.

AI Usage & Innovation

• Efficiency via AI: Ability to use AI tools to automate repetitive tasks, such as data mapping, report drafting, or initial vendor documentation reviews.
• AI-Enabled Analysis: Utilize and recommend enhancements to Smarsh’s AI review tools to automate the extraction of critical data from vendor security documentation.
• Strategic Optimization: Collaborate with product teams to refine AI prompts and workflows, reducing the "false positive" rate in automated compliance flagging.
• Continuous Learning: A proactive interest in staying current with how AI is changing the threat landscape and the tools used to defend it.

Professional Skills

• Risk Analysis: Proven ability to review complex security assessments for completeness and overall risk impact.
• Communication: Exceptional written and verbal communication skills with a "customer-first" mindset.
• Project Management: Ability to manage multiple parallel workstreams and document processes accurately under tight deadlines.
• Self-Direction: A proactive, self-motivated professional capable of working independently for extended periods while maintaining high standards.

Why Smarsh?

Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.