Sr. Security Analyst – Control Design & Implementation Assurance

 Posted 2 hours ago
     
5-10 years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Independently assess the security posture of technology environments to ensure controls are designed and implemented securely across the enterprise. Partner with engineering teams to embed security requirements into new initiatives and provide risk-based assurance throughout the project lifecycle.
Position: Sr. Security Analyst – Control Design & Implementation Assurance
Working Model: Remote in Dominican Republic
Schedule: M-F 09:00 AM - 06:00 PM
 

GENERAL DESCRIPTION / PURPOSE OF ROLE

The Sr. Security Analyst Control Design & Implementation Assurance role is responsible for independently assessing the security posture of Jostens’ technology environment and ensuring that systems, applications, operational technology (OT), and physical security controls are designed, implemented, and operating securely. As such, this role will be instrumental in assuring that controls are appropriate at conceptualization, through delivery, and after deployment.
This role operates at the intersection of security assurance, GRC, and secure solution delivery. The role evaluates security control design, validates implementation alignment to requirements, and tests operating effectiveness across the enterprise. The role partners with project and engineering teams to embed security requirements into new initiatives and provides risk‑based assurance that solutions align with Jostens’ security, regulatory, and compliance expectations.
The role is framed as a GRC security assurance function which is focused on independent evaluation, risk identification, and assurance throughout the entire lifecycle of a project. While typically not serving as the primary engineer responsible for building, installing or operating new products, services, or systems, this role assures that security requirements are built into or otherwise met by new products, services, or systems installed in the Jostens environment. As such, the role may define security requirements for the project, assist with product or service candidate selection, ensure security requirements are achieved during implementation, validate implementation meets security requirements, report on post-implementation gaps, and recommend practical approaches for remediation.
 

KEY RESPONSIBILITIES / ESSENTIAL FUNCTIONS

GRC Security Assurance

  • Perform independent, risk‑based assessments of IT systems, business applications, cloud services, OT environments, and physical security controls.
  • Evaluate security control design, implementation, and operating effectiveness against internal standards and external frameworks (e.g., NIST, ISO 27001, PCI DSS, SOC 2).
  • Conduct control walkthroughs, interviews, and evidence reviews to support internal and external audits.
  • Provide consulting and advisory support for control assessments and compliance initiatives, including PCI DSS, SOX ITGC, and SOC 2 environments (e.g., readiness, control design, evidence strategies, and gap remediation planning).
  • Identify control gaps, design weaknesses, and residual risks; clearly document findings and risk ratings.
  • Support remediation validation and follow‑up testing to confirm risk mitigation.

Security Design & Implementation Assurance (GRC‑Led)

  • Perform GRC‑led security design reviews and ensure security requirements are incorporated early in the project lifecycle (e.g., intake, requirements, and solution design).
  • Partner with IT, Engineering, OT, Facilities, and business teams during project intake, solution design, implementation, and post‑go‑live phases to assess risk, confirm control requirements, and validate outcomes.
  • Assess implementation readiness and control deployment by validating that configurations and procedures align to approved security requirements (e.g., access controls, encryption, logging/monitoring, segmentation) and performing post‑implementation verification where needed.
  • Assess solution designs and implementations for foundational areas including:
  • Identity & access
  • Network access & segmentation
  • Secure configuration and Hardening
  • Data protection & encryption
  • Logging, monitoring & incident readiness
  • Physical Access

Risk Management & GRC Integration

  • Perform and facilitate risk assessments for new systems, major enhancements, and material changes.
  • Document risks, control gaps, and remediation plans within the enterprise GRC platform.
  • Support formal risk treatment and risk acceptance processes with leadership.
  • Ensure traceability between risks, controls, audit findings, and remediation actions.

Compliance & Regulatory Support

  • Lead and support consulting, readiness, and assessment activities for SOC 2, PCI DSS, SOX, and other regulatory or customer‑driven environments (e.g., scoping, control mapping, evidence collection, narrative development, and remediation planning).
  • Ensure audit‑ready documentation, evidence, and narratives are maintained.
  • Serve as a key liaison between Information Security, IT, business stakeholders, and external assessors.

Advisory, Reporting & Continuous Improvement

  • Translate technical security concepts into clear, business‑focused risk statements.
  • Prepare audit reports, executive summaries, and risk assessments for leadership.
  • Identify systemic control issues and recommend improvements to security standards, patterns, and governance processes.
  • Contribute to continuous improvement of Jostens’ security architecture and assurance practices.
 

SUPERVISION OF OTHERS

  • None – Individual Contributor
 

REQUIRED QUALIFICATIONS

  • Minimum 5+ years of experience in Information Security, Security Assurance, GRC, Technology Risk, IT Audit or Risk Management roles.
  • Bachelor’s degree in Information Systems, Information Security, Accounting, Business, or a related field (or equivalent experience).
  • Experience performing IT control assessments and security reviews across applications, infrastructure, and cloud environments.
  • Working knowledge of security frameworks and audit standards (e.g., ISO 27001, SOC 2, PCI DSS, SOX, NIST).
  • Experience partnering with project and technical teams to assess security design and implementation.
  • Strong ability to document findings, risks, and recommendations in an audit‑ready manner.
  • Experience using GRC tools for risk, control, and issue management.
 

PREFERRED QUALIFICATIONS

  • Prior experience in security assurance, technology risk, compliance assessments, or external audit/consulting.
  • Prior experience as a business or systems analyst supporting existing systems or implementing new systems.
  • Exposure to OT environments and/or physical security controls.
  • Professional certifications such as CISA, CISSP, CRISC, or equivalent.
  • Experience supporting and advising regulated or customer‑assured environments, including PCI, SOX, and SOC 2 programs.
 

KEY SKILLS & ATTRIBUTES

  • Strong risk‑based mindset with the ability to balance security, business needs, and practicality.
  • Ability to operate independently while influencing cross‑functional teams.
  • Excellent written and verbal communication skills, including executive‑level reporting.
  • Ability to assess complex technical environments without owning day‑to‑day operations.
  • Highly organized, detail‑oriented, and audit‑focused.
 

TRAVEL

  • Typical/expected overnight travel: < 5%
 

Similar Jobs

See all Remote Design jobs →

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Security Analyst

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified