Senior Security Analyst

IT Operations · New Zealand, Remote
Department IT Operations
Employment Type Full-time
Minimum Experience Experienced

Who we are and what we do

Author-it Software Co. (ASC) is a world leading provider of on-premise and cloud-based products for authoring technical publications, e-learning and pharmaceutical information. 

What does that mean for our customers? Our tools are used by some of the world’s largest organisations to enable reuse, reassembly and multiformat consumption of mission critical content.  Our two software platforms, Docuvera and Author-it, enable the transformation of how our customers create and manage their content, leveraging a component first approach where content is broken down, easily assembled into documents, and reused across their organisation. 

Our two products serve different industries; Docuvera’s focus is solving the problem of inefficiency in creating and updating documentation through the drug development lifecycle for biopharma for large global Life Science customers, while Author-it provides technical documentation, learning & development, and compliance solutions for high-tech, manufacturing, energy and more, at enterprise scale across the globe. 

Established in 2000 in New Zealand, our talented team of over 100 people are based in New Zealand, Europe, and the United States, working across our Technology, Product, Quality, Customer Success, Marketing, Sales, Finance and People Experience divisions.


The part you’ll play

The Senior Security Analyst will be responsible for leading and managing the development and evolution of ASC’s security design and cybersecurity practice. The Senior Security Analyst will lead security designs and patterns; highlighting and clearly articulating risk mitigation requirements to both technical teams and non-technical teams and wider stakeholders, including the Information Security Team. You will be responsible for leading ASC's ISO 27001 alignment, creating security roadmaps and design artefacts, co-authoring regular security control reports, and making improvement recommendations for ASC’s overall security posture. This role will be a part of the Information Security Team responding to customer security questionnaires and review proposed customer contracts.

Other tasks will include involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines and procedures as well as contributing to vulnerability audits, security advisories and risk assessments.

A Senior Security Analyst is expected to be fully aware of ASC’s security goals as established by its stated policies, procedures, and guidelines, and to actively work towards upholding those goals.

You will be someone who has a strong interest or understanding of security concepts, infrastructure or application development and use this to develop an understanding of practicing good security disciplines. This role reports to Head of IT Operations.


What you’ll focus on

  • Be a champion for secure best practice and customer safety
  • Ensure that ASC’s security controls are implemented in line with ISO 27001
  • Design and oversee the implementation of security practices and solutions, and help to develop new industry-leading security initiatives
  • Analysing data from monitoring sources to identify malicious intent, trends, and areas for improvement
  • Identifying and reporting systemic weaknesses in control effectiveness
  • Contribute to the ongoing maintenance of security documentation within our quality system
  • Lead the design and execution of vulnerability assessments and penetration tests
  • Work with 3rd party suppliers to ensure that systems security lifecycle is maintained and develop an understanding of supplier roadmaps
  • Create business-focused security reports - security incidents, analyses trends and data, summary reports with recommendations
  • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors


What you’ll bring to the role

At ASC we know that the mixture of experience, skills and attitude are key ingredients in making a team succeed so we need the right people on board. 


You will have this experience and knowledge

  • 10+ years’ experience in security related operations and practices
  • Experience with certification of ISO 27001 and familiarity with industry security frameworks
  • Great technology fundamentals covering operating systems, cloud infrastructure, web services and web application development or a mix
  • Good examples of experience in past technology research and investigation 
  • Hands-on experience with AWS
  • People Capability Leadership of Security Engineers      
  • Experience in leading, designing, developing and deploying systems 
  • A broad understanding and exposure to a range of security areas such as compliance, cybersecurity, network security, and perimeter defence is essential.
  • Working practical knowledge of risk management and vulnerability assessment
  • Familiar with security tools for vulnerability testing, digital forensics, and general enterprise-scale security operations
  • Familiar with legal and regulatory requirements relevant to ASC
  • Experience with agile practices and environments


You will have refined these skills

  • Outcomes focused and agility to cope with multiple demands and changing priorities in a fast-paced environment 
  • Proven ability to navigate areas of conflict in an open, positive and proactive way  
  • An eagerness to delve deep into technical security aspects
  • Take ownership of problems and solve them
  • Excellent written communication skills
  • Your team-first mindset. Your way of working is collaborative
  • A willingness to learn, to adapt to try new things, or take on a different perspective
  • Resiliency, as change comes with the territory in a scale up tech environment
  • A positive attitude and strong EQ to build and maintain a great connection with your team members across ASC
  • The ability to think outside the box and focus on solutions


You’ll have these certifications or qualifications

  • CISSP: Certified Information Systems Security Professional certification would be ideal


How We Do Things Here

Our guiding principles, entitled How We Do Things Here, set the tone for life at ASC.

  • We delight our customers
  • We focus on solutions
  • We act with integrity
  • We nurture growth
  • We put people first

That gives you an idea of how we work together.

Of the many qualities our diverse global team have, one that stands out is our passion for what we do. We take pride in our work and we are constantly learning and adapt to try new things or take on a different perspective. We enjoy and thrive in our rapidly changing environment, which requires flexibility and self-discipline, but, in return, we relish the excitement that we are part of a fast-paced scale up business working on transformative technology.


Why ASC is an awesome place to grow your career

We operate in a high trust environment, and we really walk the talk.  We aspire for everyone to be themselves and be comfortable at work, so we put great emphasis on ensuring our people have what they need to be at their best. 

This includes:

  • offering a digital first, fully flexible working style
  • having modern tools and systems
  • relaxed office hubs in some countries, stocked with free drinks and snacks
  • offering extra paid time off for year end closedown and your birthday (with unlimited PTO in the USA)
  • rewarding our long serving people with long service leave
  • engaging everyone in reward and recognition programs
  • access to various wellbeing platforms
  • a focus on personal growth, including dedicated ‘tools down’ personal development time
  • in the USA, we offer fully funded health benefits, like dental and medical.

all within in a diverse, supportive, and inclusive global community.

Thank You

Your application was submitted successfully.

  • Location
    New Zealand, Remote
  • Department
    IT Operations
  • Employment Type
    Full-time
  • Minimum Experience
    Experienced