Job Description

Job Description

Who Is Elementum?

Elementum is the innovative startup that’s using AI Driven Workflows so that businesses can operate faster, smarter, and cheaper. Elementum’s unique IP allows its platform to run natively inside its customers’ own data clouds, enabling instant automation without any integrations or APIs. It’s also fully pre-integrated with all of the leading public and private AI/ML/LLMs, making it the only choice for secure, AI-driven automation. Industry leaders like Sanofi, Under Armour, and Snowflake are using AI Driven Workflows to transform their operations to increase productivity, delight customers, and capture market share.

Job Scope

Elementum is looking for an experienced Information Security Analyst to join our team. This role is a key driver of Governance, Risk, and Compliance (GRC) efforts, responsible for implementing and maintaining the organization’s security program, with a special focus on securing our AI-Driven Workflow platform and its native execution environment.

The Information Security Analyst will interface directly with various teams and support security compliance efforts across the company and its products. This role reports to the company’s Senior Audit Manager.

What You'll Do

• Vendor Risk Management (VRM): Conduct thorough security assessments of third-party vendors, partners, and suppliers, particularly those providing AI/ML/LLM services or data cloud infrastructure, to identify potential risks and vulnerabilities.
• Risk & Compliance: Operate and enhance Elementum’s risk management processes by conducting comprehensive risk assessments of the Elementum platform's native data cloud deployment model and developing supporting documentation.
• Collaborate closely with internal Engineering and Product teams to ensure the security and compliance of the AI-Driven Workflow features and the native execution environment.
• Engage with internal and external stakeholders to assess the functionality of key information security controls related to vendor or in-house developed software/systems.
• Analyze security reports, vulnerability scans, and other relevant data to make informed decisions and recommendations for improving the security posture of our platform.
• Manage security issues and tasks assigned to vendors to closure, actively reducing associated security risks.
• Complete detailed customer security and compliance questionnaires to offer assurance of Elementum's security posture regarding data cloud security, access control, and AI governance.
• Identify improvement opportunities and provide strategic feedback to senior team members and management regarding the evolving security landscape in the AI and Data Cloud space.
• Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices related to LLM security, data cloud governance (e.g., Snowflake, Databricks, etc.), and data privacy regulations (GDPR, CCPA).
• Assist in the creation and maintenance of documentation related to third-party security assessments and internal compliance processes.

You Should Have

• 2-3 years of experience in vendor risk, compliance, or security roles with hands-on experience in third-party security risk management.
• Strong familiarity with ISO 27001 and SOC 2 (given the enterprise focus), and some familiarity with other relevant security frameworks such as NIST CSF & 800-53, SOX, SOC1, HITRUST/HIPAA, GDPR, CCPA, GxP, etc.
• Demonstrable knowledge of or direct experience working with Cloud security and governance (AWS, Azure, GCP) and data cloud environments (Snowflake, Databricks).
• Bachelor's degree in an IT-related field, cyber security, or equivalent experience.
• 2+ years of project management experience, preferably involving security compliance initiatives.
• Experience in external or internal security audit/compliance activities.
• Strong knowledge of risk management methods, standards, processes, governance models, and industry-standard risk analysis approaches.
• Excellent written and verbal communication skills with the ability to present complex GRC and technical security information clearly to executives and customers.
• Ability to think both strategically and tactically in a high-energy, fast-paced environment.
• Proven ability to take ownership, self-motivate, and deliver results in ambiguous environments.

Nice to Have

• Certifications: CRISC, CISA, or equivalent.
• Prior experience in a startup or high-growth company operating in the AI/ML or Data Cloud space.
• Understanding of working in regulated environments such as GDPR, CCPA, or HIPAA.

Competitive Benefits

• Medical, dental, and vision coverage
• 401k matching
• Flexible vacation policy
• Engage with (and give high-fives to) senior management regularly
• Get in on the ground floor of a huge opportunity

Job Tags

Similar Jobs