Information Security Risk Analyst

About StackAdapt

StackAdapt is the leading technology company that empowers marketers to reach, engage, and convert audiences with precision. With 465 billion automated optimizations per second, the AI-powered StackAdapt Marketing Platform seamlessly connects brand and performance marketing to drive measurable results across the entire customer journey. The most forward-thinking marketers choose StackAdapt to orchestrate high-impact campaigns across programmatic advertising and marketing channels.

The Role: Information Security Risk Analyst

As an Information Security Risk Analyst, you will play a vital role in keeping StackAdapt’s systems and information secure by helping to identify, assess, and manage information security risks across StackAdapt. Working closely with the Senior Information Security Officer and key business stakeholders, you will help ensure that our security controls are appropriately designed, documented, and operating effectively in line with our risk appetite and regulatory obligations. This position offers exposure to a broad range of security domains, including security risk assessments, third-party risk management, policy development, audit support, and compliance monitoring. You’ll play an important part in embedding a strong security culture and helping the business make informed, risk-based decisions.

We’re looking for someone who is passionate about information security and eager to continuously develop within the role. This position is well-suited to an individual who is curious, proactive, and motivated to continuously learn in a rapidly evolving threat and regulatory landscape. You’ll thrive if you enjoy asking questions, challenging assumptions constructively, and developing your expertise through hands-on experience and collaboration with experienced security professionals. Strong communication skills, a growth mindset, and a commitment to professional development will be key to success in this role.

StackAdapt is a ‘Remote First’ company, therefore we are open to candidates located anywhere in North America for this position.

What You'll Be Doing

• Supporting the identification, assessment, and management of information security risks, including maintaining risk registers, monitoring remediation actions and following up on agreed risk treatments
• Assisting with vendor security risk assessments during onboarding and ongoing reviews
• Contributing to customer security assurance activities, such as completing security questionnaires
• Helping to coordinate StackAdapt’s centralized IT General Controls framework designed to manage security, compliance, and governance for enterprise IT systems
• Participating in the governance of recurring user access reviews (UARs) and segregation of duties (SoD) assessments for enterprise applications
• Supporting the governance of role-based access controls (RBAC) for enterprise IT applications
• Assisting with compliance activities against security frameworks and standards (e.g. SOC 2, PCI, etc.)
• Working with internal teams to gather information and evidence for risk and compliance activities
• Learning about emerging security risks, regulatory requirements, and industry best practices

What We're Looking For

• Interest in information security governance, risk, and compliance (GRC)
• Understanding of information security and risk management concepts
• Awareness of security frameworks or standards (e.g., ISO 27001, NIST, SOC 2) and/or IT compliance frameworks (e.g., Sarbanes–Oxley (SOX))
• Strong attention to detail and ability to work with documentation and evidence
• Ability to work collaboratively with technical and non-technical stakeholders
• Willingness to learn and develop within an information security or GRC career path

We’ll Be Reaching Out To Applicants That Have

• 1 to 3 years of experience in a related field
• Bachelor’s degree (or higher) in cyber security, information technology, risk management, law, business, or a related discipline (or equivalent practical experience)
• Experience supporting risk assessments, audits, or control testing activities
• Ability to work cross-functionally with various teams such as Internal Audit, IT Operations, Engineering, Legal and Finance
• Experience in designing, implementing, and/or managing application user access reviews, segregation of duties reviews, and/or conducting security risk assessments
• Strong communication skills, both written and verbal
• Strong organisational and time management skills, as well as an ability to meet deadlines

Key skills/competency

• Information Security
• Risk Management
• Compliance (GRC)
• Vendor Security Assessment
• Audit Support
• Policy Development
• Security Frameworks (SOC 2, ISO 27001, NIST)
• User Access Reviews (UAR)
• Segregation of Duties (SoD)
• IT General Controls
• Stakeholder Collaboration