Before you apply: Here is an interview Q&A for you: Click here

NOTE: Here is why some companies may not hire you.

Information Security Specialist at Halcyon, Remote (Global)

Halcyon is seeking a seasoned and collaborative Senior Information Security Specialist to support the advancement of our cybersecurity and GRC (Governance, Risk, and Compliance) programs. In this role, you will play a critical part in strengthening our enterprise-wide security posture by coordinating across teams, managing third-party risk, supporting compliance initiatives, and maturing internal security processes and documentation. Your responsibilities will span operational security, risk assessment, policy development, and incident response preparedness.

Responsibilities:

• Perform and maintain third-party risk assessments and track vendor remediation activities.
• Support coordination and analysis of internal and external security testing, including vulnerability scans and penetration tests.
• Develop, track, and follow up on corrective action plans for identified security gaps or audit findings.
• Collaborate with managed security service providers and internal stakeholders to monitor and manage security events and escalations.
• Partner with engineering and operations teams to ensure implementation of security and compliance requirements across the organization.
• Assist in developing, maintaining, and communicating information security policies, standards, and procedures.
• Coordinate security incident response planning, disaster recovery testing, and business continuity exercises.
• Monitor and support enforcement of technical and administrative security controls across the enterprise.
• Stay current with evolving security and privacy regulations and frameworks (e.g., SOC 2, ISO 27001, TX-RAMP, FedRAMP).

Skills and Qualifications:

• 5+ years of experience in information security, GRC, or IT risk management.
• Strong understanding of cybersecurity concepts, controls, and risk frameworks.
• Demonstrated experience with third-party risk management processes and tooling.
• Proven ability to coordinate security testing and vulnerability management efforts.
• Excellent communication, documentation, and cross-functional collaboration skills.
• Ability to assess and implement technical and administrative controls across cloud and hybrid environments.
• Experience with regulatory compliance and audit support in fast-paced environments.
• Hands-on participation in incident response or disaster recovery exercises is a plus.

Bonus Skills and Qualifications:

• Experience with compliance platforms (e.g., Drata, Vanta).
• Knowledge of security frameworks beyond SOC 2 and ISO 27001, such as NIST 800-53 or CIS Controls.
• Familiarity with secure software development practices or DevSecOps principles.
• Background in auditing or supporting third-party security assessments.
• Experience with Microsoft 365 and/or Google Workspace security configuration.
• Exposure to regulatory environments such as HIPAA, GDPR, or CCPA.
• Certifications such as CISSP, CISA, CISM, Security+, or similar are a plus.

Benefits:

Halcyon offers the following benefits to eligible employees:

• Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.
• 401k plan with a generous employer contribution.
• Short and long-term disability coverage, basic life and AD&D insurance plans.
• Medical and dependent care FSA options.
• Flexible PTO policy.
• Parental leave.
• Generous equity offering.

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.​

Base Salary Range: $120,000 – $160,000

Bonus Target: 10%

In accordance with applicable state and federal laws, the range provided is Halcyon’s reasonable estimate of the base compensation for this role. The actual amount may differ based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. Base pay is one part of the total package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and equity in the Company.