GRC Security Analyst - Information Security

We are Appfire, the largest global provider of award-winning Atlassian apps! Our portfolio of trusted product brands includes more than 200+ purpose-built apps loved by thousands of teams and millions of users worldwide.

Amplified by our partnership and strategic investment from private equity powerhouse Silversmith Capital Partners, a recent surge of marquee brand acquisitions, and an additional $100M investment from TA Associates, Appfire is uniquely poised to accelerate our leadership position within the billion-dollar Atlassian app market.

Come be a part of our Appfire family for this amazing journey! Learn more at appfire.com.

Do you have a strong understanding of information security GRC operations? Have you built lasting relationships with business owners and vendors? Appfire, the leading provider of Atlassian apps, is looking for a creative problem-solver and a self-starter to join our Information Security team. The GRC Security Analyst will handle diverse security-related tasks and issues for our rapidly growing company, including managing risk through a shared vision with Appfire’s business leaders.

You’ll work within the GRC department managing diverse governance, risk and compliance security-related tasks and issues for our rapidly growing company, with a focus on people, practices, systems, and metrics. You’ll be asked to keep up with the latest industry requirements and will assist in the identification of security risks and the associated execution of remediation and corrective action plans, ensuring we are following up with those steps previously agreed upon by the business. Additionally, you’ll participate in regular vendor reviews and ensure compliance with Appfire policy, as well as provide ISO 27001 and other audit support. 

If you’re a highly organized, detail-oriented expert communicator, let’s chat! 

You will be expected to engage in professional development to maintain continual growth in professional skills and knowledge essential to the position and thrive in a highly collaborative workplace. 

• →Work on the coordination and facilitation of Appfire’s security governance goals and initiatives
• →Support our sales channels regarding prospect and customer security questions, assessments, and audits, including speaking to technical controls and their alternatives and appropriate risk mitigation.
• →Conduct assessments related to vendor risk management and following up on associated findings.
• →Provide support for regulatory and compliance initiatives (e.g. ISO 27001, SOC2, GDPR, etc.). 
• →Identify, document, and track information security policy related non-conformities and assist in developing and monitoring corrective action plans.
• →Assist in identifying & tracking information security risks, assessing impact, and tracking the execution of mitigation plans.
• →Assist in tracking information security risk acceptances and exceptions and monitoring the execution of remediation plans.
• →Track and ensure adequate and timely resolution to all audit and risk assessment findings/issues relating to information security.
• →Assist in the monitoring of business continuity (BC) and disaster recovery (DR) testing.
• →Perform periodic compliance checks across the Appfire organization.
• →Provide support for the coordination and execution of integration plans for Appfire acquisitions.
• →Support the annual review and update of information security related policies and processes.
• →Participate in and support annual security awareness campaigns.
• →Handle sensitive and/or confidential material and information with suitable discretion.

• Bachelor’s Degree in Computer Science, Information Security, Engineering, related curriculum, or equivalent experience.
• 2+ years of experience working in information security risk and/or compliance roles.
• Knowledge of common Information Security frameworks such as CIS, ISO 27001 & SOC 2.
• Prior experience with cloud-based security tools, technologies, and controls a plus (e.g, Amazon AWS, Azure, Heroku, GCP)
• Ability to work effectively within a fast paced, changing environment that is going through high growth.
• A self-starter with the demonstrated ability to take initiative, who can proactively identify issues/opportunities and recommend actions.
• Creative problem solving required
• Excellent interpersonal and communication skills
• CISA, CISSP or similar security/GRC focused certifications a plus.

Every Appfire team member is eligible for company equity, fostering a true sense of ownership and connection to our growth.

• 25 days of annual leave per calendar year (January–December)
• Up to 10 unused vacation days may be carried over to the following year and must be used by December 31
• Reduced summer hours to support better work-life balance
• Flexible bank holidays, allowing employees to exchange one public holiday for another
• This role is fully remote within Spain, with the option to work from our Bilbao office whenever preferred

Grow with Appfire University — our custom, on-demand learning platform designed to support continuous learning and professional development.

• Private health insurance through IMQ or Adeslas, fully covered by Appfire for enrolled employees
• Family members may also be added at a discounted rate through payroll deduction
• €400 gross annual sport allowance for gym memberships, outdoor activities, sports equipment, running gear, and other wellness-related expenses

Appfire provides €50 per month to help cover home office and remote work expenses.

Employees receive 3 fully paid volunteering days each year through Appfire Town, our Corporate Social Responsibility (CSR) program supporting local communities.

Since its inception, Appfire has been a remote-first company. With 850+ employees (who we call fireflies) across 28 countries, we foster an environment where everyone is respected. We invest in team members by ensuring they grow professionally and personally.

At Appfire, CSR means embedding purpose, responsibility, and impact into everything we do. We use our people, products, and partnerships to make a meaningful difference in the world, we act responsibly as a business, and we empower communities while strengthening our skills and culture and fostering belonging across Appfire.

In 2015, Appfire joined the Pledge 1% network of organizations committed to philanthropy. Appfire has since grown our Pledge 1% program to include all four pledge types — product, profit, equity, and employee time. We were among the first to do this, and we’re proud that Pledge 1% is part of our evolution.

Appfire mission to equip and connect every team so they can plan and deliver their best work. We are committed to building a durable, multi-generational business, and to evolving, innovating, and scaling in a way that ensures stability and opportunity for years to come

What’s our secret sauce?

1. We follow teams. We do our research and build software that solves real-life collaboration challenges while being easy to implement and a joy to use. We’re proud to support over 20,000 customers and growing, including 55% of the Fortune 500. From the entertainment delivered by Netflix to the devices crafted by Samsung, and Dell Technologies and the financial transactions handled by Visa, Edward Jones, and US Bank, Appfire’s technology is indispensable. Our products also play a pivotal role in streamlining operations and fostering innovation at companies like Tesla and significant institutions such as NASA, Boeing, and many more. 
2. We enhance. Our software is designed to give developers, knowledge workers, and teams the ability to extend and get greater value from the platforms they’ve invested in and enjoy. So far, our solutions extend and enhance the capabilities offered by Atlassian, Microsoft, monday.com, and Salesforce. 
3. We build bridges and invest in our partners. Appfire's success is underscored by its channel program as its primary path to market. Today, Appfire has a dedicated Channel team supporting 800+ channel partners.
4. We make security and privacy a priority, but we also keep it simple for our customers. We’ve achieved International Organization for Standardization (ISO) 27001 and ISO 27017 and System and Organization Controls (SOC) SOC 2, Type I and SOC 2, Type II certifications. Our award-winning Appfire Trust Center, offers our customers, partners, and prospects the latest security, privacy, and compliance information, including pre-completed questionnaires (CAIQ, SIG, and VSA) with an accelerated NDA process and just one EULA to cover it all.

Appfire has been consistently recognized for company growth, culture, corporate social responsibility, and product excellence and has been included among the Deloitte Technology Fast 500, Inc. Best Workplaces, BuiltIn Best Places to Work, and Inc. 5000. Learn more about our accomplishments, which would not be possible without our team members, partners, and customers: https://appfire.com/awards.

Appfire is an equal opportunity employer and does not discriminate based on race, color, religion, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, veteran status, or any other protected characteristic as defined by applicable law. Our commitment extends to all employment practices, including recruitment, hiring, training, promotion, compensation, benefits, and termination.