Foxit
GBITS
Information Security Analyst / Engineer
“Information Security Analyst / Engineer at Foxit. Skills: Information Security, GRC, Risk Management, Compliance. Respond to customer security questionnaires. Respond to RFIs”
Industry & Context.
Risk assessment; Vulnerability management; Incident response
What They're Looking For.
Must Have
5+ years experience Information Security, 5+ years experience GRC, 5+ years experience IT discipline, Respond to customer security questionnaires, Respond to RFIs, Respond to RFPs, Respond to audits, Respond to due diligence requests, Working knowledge ISO 27001, Working knowledge NIST CSF, Working knowledge NIST 800-53, Working knowledge SOC 2, Support audits, Control testing, Evidence collection, Compliance validation, Risk assessment understanding, Control design understanding, Vulnerability management understanding, Incident response understanding, Translate technical security concepts, Documentation skills, Project coordination skills, Stakeholder management skills, Familiarity Windows, Familiarity Microsoft 365, Familiarity macOS, Familiarity identity access management, Familiarity encryption, Familiarity cloud security fundamentals
Nice to Have
Bachelor's degree Computer Science, Bachelor's degree Information Security, Bachelor's degree IT, Equivalent practical experience, Experience with GRC platforms, Experience with Vanta, Experience with Drata, Experience with OneTrust, Experience with ServiceNow GRC, Direct involvement ISO 27001 certification, Direct involvement surveillance audit cycles, Experience vendor risk management, Experience third-party risk management, Familiarity GDPR, Familiarity HIPAA, Familiarity PCI-DSS, Familiarity NIS2, Familiarity regulatory frameworks, Experience AWS environments, Experience Azure environments, Experience GCP environments, Participation incident response tabletop exercises, Participation organization-wide security training
What You'll Do.
Respond to customer security questionnaires
Respond to due diligence requests
Address security requirements
Address compliance requirements
Maintain security documentation library
Communicate security controls
Communicate compliance posture
Improve GRC processes
Align GRC with frameworks
Maintain Information Security Management System
Conduct risk assessments
Support risk treatment
Support remediation plans
Manage security control documentation
Manage evidence collection
Manage policy lifecycle
Coordinate with control owners
Assist with GRC tool implementation
Support ISO 27001 certification
Support surveillance audits
Support ongoing compliance
Coordinate audit evidence collection
Coordinate control validation
Coordinate audit responses
Maintain audit readiness
Identify ISMS maturity improvements
Identify compliance efficiency improvements
Conduct security assessments of vendors
Conduct security assessments of partners
Conduct security assessments of third parties
Review vendor security documentation
Review vendor certifications
Review vendor risk posture
Support vendor onboarding
Support vendor monitoring
Define security requirements in contracts
Enforce security requirements in contracts
Monitor security events
Investigate security events
Support response to security events
Support response to security incidents
Support security tooling
Support vulnerability assessments
Coordinate remediation with technical teams
Contribute to incident response planning
Contribute to tabletop exercises
Contribute to playbook development
Review system architectures for security risks
Review system architectures for compliance alignment
Support cloud initiatives
Support on-premises initiatives
Support DevSecOps initiatives
Support secure SDLC initiatives
Develop security policies
Develop security standards
Develop security procedures
Develop security training materials
Support security awareness programs
How You'll Work.
Team & Collaboration
Partner with Sales; Partner with Customer Success; Partner with Legal; Partner with IT; Partner with Engineering; Partner with business teams; Coordinate with control owners; Work with internal teams; Work with external auditors; Work with certification bodies; Partner with Procurement; Coordinate remediation; Coordinate with technical teams
Communication Scope
Business-friendly language; Clear communication; Customer communication; Business stakeholder communication
Process & Methodology
Project coordination
Full Job Description
## Description

Information Security Analyst / Engineer
GRC & Customer Assurance – Mid-Level

Location: Atlanta, GA
Experience: 5+ years in Information Security, GRC, or related IT discipline
Level: P18

Role Summary

Foxit is seeking a mid-level Information Security Analyst / Engineer to support the protection of company information assets while enabling business growth through strong governance, risk, compliance, and customer assurance practices. This role will partner closely with Sales, Customer Success, Legal, IT, Engineering, and business teams to support customer security requirements, manage audit readiness, strengthen GRC processes, and help maintain Foxit’s Information Security Management System. The ideal candidate can translate technical security controls into clear, business-friendly language and support both internal security operations and external customer assurance needs.

Key Responsibilities

Customer & Business Security Support

- Respond to customer security questionnaires, RFIs, RFPs, audits, and due diligence requests
- Partner with Sales, Customer Success, and Legal to address security and compliance requirements during pre-sales and post-sales cycles
- Maintain a centralized library of security documentation, including policies, certifications, architecture diagrams, and standard responses
- Clearly communicate security controls, risks, and compliance posture to customers and business stakeholders

Governance, Risk & Compliance

- Support and improve GRC processes aligned with ISO 27001, NIST CSF, SOC 2, and other relevant frameworks
- Help maintain and mature Foxit’s Information Security Management System
- Conduct risk assessments and support risk treatment and remediation plans
- Manage security control documentation, testing, and evidence collection
- Support policy lifecycle management, including creation, review, approval, and enforcement
- Coordinate with control owners across IT, Engineering, HR, Finance, Legal, and Operations
- Assist with GRC tool implementation
How to Apply on Lever
- Lever uses a streamlined one-page form — apply in under 5 minutes.
- LinkedIn import works well; review parsed data before submitting.
- The cover letter field is optional but visible to reviewers — use it to differentiate.
- Referral codes from employees can significantly boost visibility of your application.