Security Assurance Engineer

We are seeking a Security Assurance Engineer to support our security risk management program with a strong focus on third-party risk assessments and hands-on technical security support. This role is ideal for someone with a solid technical security foundation who is interested in applying that knowledge to risk analysis, vendor assessments, and security decision-making.

Reporting to the CISO, the role primarily supports client-facing security assurance activities and provides support for Information Security operations and engineering, while also acting as an escalation point for technical/end user support.

KEY RESPONSIBILITIES

Third-Party Security Risk

• Perform third-party and vendor security risk assessments, including security questionnaires, evidence review, and control validation.
• Review SOC 1 / SOC 2 reports, penetration test summaries, and security documentation.
• Identify technical control gaps and clearly document risk, impact, and recommended remediation.
• Support vendor onboarding, renewals, and exception processes.
• Collaborate with procurement, legal, and business teams to ensure security and privacy requirements are integrated into vendor contracts and the lifecycle process.

Client & Stakeholder Support

• Compose thorough and well-articulated responses for client-facing security questionnaires, RFPs, and due diligence requests.
• Translate technical security controls into clear, accurate responses for non-technical audiences.
• Collaborate with internal teams to ensure consistent security messaging.

Technical Security & Operations Support

• Provide escalated technical support for security operations when risk or architectural analysis is required.
• Assist in evaluating and tuning security controls across cloud, identity, endpoint, and email security platforms.
• Participate in incident response activities, including technical investigation, impact analysis, and lessons learned.

Cloud, Identity & Security Tooling
Work hands-on with and assess controls across (but not limited to):

• Microsoft Azure and Entra ID (Azure AD)
• Conditional Access, identity protection, and access governance
• Microsoft Intune and endpoint security controls
• Microsoft Defender (Endpoint, Cloud, and Cloud Apps)
• Microsoft Purview (data protection and information governance)
• Proofpoint (email security)
• Zscaler (secure web gateway / zero trust access)
• Brand monitoring and digital risk protection tools

Risk & Documentation

• Document risk assessments, findings, and remediation tracking.
• Contribute to security standards, procedures, and control documentation.
• Support continuous improvement of third-party risk and cloud security practices.

QUALIFICATIONS

• Bachelor’s degree.
• 2+ years of experience working with Microsoft security platforms (Azure, Entra ID, Defender, Intune, Purview), or 5+ years with comparable tools.
• Experience with third-party risk assessments and security questionnaires.
• Clear written and verbal communication skills with technical and non-technical audiences.
• Strong technical understanding of identity, cloud, and endpoint security concepts.
• Ability to analyze technical configurations and translate them into risk-based findings.
• Ability to work in a fast-paced environment both independently and collaboratively.
• Strong organizational skills with the ability to manage multiple tasks and meet deadlines.

PREFERRED QUALIFICATIONS

• Experience supporting or participating in incident response.
• Exposure to frameworks such as NIST CSF, ISO 27001, or SOC 2.
• Experience in a regulated or client-facing environment.
• Relevant certifications (CISSP, CCSP, AZ-500, SC-200, SC-300, or similar).

The base salary offered will be determined by various factors such as geographic location, relevant experience, education, and qualifications.

GQG Partners LLC is an Equal Opportunity Employer and will not engage in unlawful discrimination on any basis prohibited by local, state or federal law. This policy applies to all aspects of employment, including recruitment, placement, promotion, transfer, demotion, compensation, benefits, social and recreational activities and termination.

For more information about equal employment opportunity, please click here for “EEO Is the Law.” GQG Partners LLC may participate in E-Verify, please view the following links for details in English and Spanish. For information regarding your Right to Work, click here for details in English and Spanish.

Please refer to our Applicant Privacy Notice for important privacy disclosures. 

Tagged as: Hybrid