Information Security Analyst

About BluIP

BluIP® is a Tier1 global service provider and communications technology innovator, delivering UCaaS (Unified Communications as a Service) and CCaaS (Contact Center as a Service) solutions to businesses across various industries. The company develops ar8ficial intelligence and enterprise-grade telephony solutions for leaders in hospitality, restaurants, healthcare, small business, and the enterprise. BluIP’s comprehensive suite of products includes the industry-disrupting, all-in-one ar8ficial intelligence platform, AIVA Connect™, with modules that improve every customer interaction, streamline business processes, and provide in-depth business intelligence to help customers optimize resources and drive more revenue.

We have built a brand around our deep commitment to our customers' success and do our best work when the challenges are complex and the outcomes are mission-critical. We are focused on transforming the communication experience with technology that’s reliable, secure, and forward-thinking.

Our reputation is built on innovation, deep industry expertise, and a legendary white-glove service promise. As we continue to grow, we are seeking exceptional talent to expand our impact in hospitality. No wonder we are trusted by more than 60,000 customers.

About the Role

We are seeking a detail-oriented and proactive GRC Information Security Analyst to join our team. The ideal candidate will play a critical role in safeguarding our organization’s information assets, overseeing compliance and security protocols, and fostering a culture of security awareness. This role involves collaboration across various departments, particularly with HR, Development, Engineering and Legal to enhance our security posture and ensure adherence to policies. The analyst will work closely with the Security and Privacy Program Lead and other leadership to help maintain and strengthen the program.

Responsibilities

Compliance Platform & Access Management:

• Compliance Automation Platform Monitoring & Administration: Monitor and enforce adherence to controls within the platform, ensuring that all personnel comply with established security measures. Maintain evidence and controls according to the security and privacy program plan. Serve as system administrator, including user provisioning, platform configuration, and integration management.
• Password Manager Policy Adherence: Oversee adherence with our password policy and platform, ensuring secure password management practices across the organization. Monitor for domain breaches and password compromises. Serve as system administrator, including user management, policy configuration, and vault administration.
• Annual Access Reviews: Oversee and manage the annual access review process to ensure that user access aligns with current roles and responsibilities, mitigating risks associated with unauthorized access.
• Employee and Contractor On/Offboarding: Assist HR and managers with on and offboarding processes to ensure proper compliance, policy adherence, and tracking throughout the employee/contractor lifecycle.

Incident Response & Security Operations:

• Security Incident Management: Monitor the security incident queue, manage incoming tickets, coordinate response activities, and follow up with stakeholders until incidents are fully resolved and closed.
• Incident Response Team Member: Actively participate in the incident response team to address and mitigate security incidents, ensuring timely and effective responses to potential threats.
• Incident Response & Disaster Recovery Exercises: Partner with the BluTrust program lead and teams to plan, coordinate, and execute annual Incident Response (IR) and Disaster Recovery (DR) tabletop exercises and recovery drills. Lead the development of realistic scenarios, support end-to-end execution, capture lessons learned, and maintain related policies, procedures, playbooks, and templates to ensure continuous improvement and audit readiness.

Security Assessments & Risk Management:

• Vendor Security Assessments: Monitor and complete required annual vendor security compliance assessments, uploading evidence as needed. Lead the vendor assessment process for new solutions, third-party partnerships, and renewals. Coordinate offboarding activities for departing vendors.
• Customer and Partner Security Assessments: Assist or complete security questionnaires and RFPs from customers and vendor partners, providing documentation and evidence as requested.
• Oversee Risk Assessment Mitigation Follow-Up Items: Monitor and manage the follow-up items resulting from risk assessments, ensuring timely implementation of mitigation strategies and reporting on progress to stakeholders.
• Oversight of Security Exercises: Oversee the completion and documentation of all required cyclical exercises such as: tabletop exercises, annual penetration tests, quarterly scans, and ensure all evidence is uploaded and maintained in the DRATA system.

Policy, Training & Awareness:

• Annual Policy Reviews: Lead the annual review of information security policies, ensuring they are current, effective, and compliant with industry standards and regulations.
• Security Training, Awareness, and Phishing Program Management: Partner with the BluTrust program lead, HR, and management to administer and maintain the Security Awareness Training (SAT) program, including employee training, curriculum management, and compliance tracking. Serve as the SAT system administrator, overseeing ongoing phishing simulations and campaigns, monitoring employee awareness, and reporting on program effectiveness and areas for improvement.
• Internal Security News Bulletins: Stay updated on security trends by subscribing to multiple security blogs and publications and disseminate relevant internal news bulletins to raise incident awareness among staff.
• BluIP Trust Center Management: Maintain and update the BluIP Trust Center, ensuring accurate, up‑to‑date security, privacy, compliance, and trust documentation for customers, prospects, and partners. Coordinate with internal teams to publish artifacts, reports, and program updates.

Continuous Improvement:

• Continuous Improvement of Security Controls: Identify opportunities and areas for improvement in security controls and monitoring processes, proactively addressing vulnerabilities and recommending enhancements to strengthen the overall security posture and framework of the organization.

Qualifications

• Bachelor’s degree in Cybersecurity/Risk Management, Cloud Security Governance, Information Assurance, Computer Science, Information Security, or equivalent experience and education in a related field.
• Relevant certifications such as CGRP, CGRC, CISSP, CISM, or Security+ preferred.
• Strong understanding of information security principles, risk management, and compliance standards.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively in a team-oriented environment.

Required Skills

• Detail-oriented and proactive approach.
• Strong analytical and problem-solving skills.
• Excellent communication skills.