Who We Are:

TradeStation is the home of those born to trade. As an online brokerage firm and trading ecosystem, we are focused on delivering the ultimate trading experience for active traders and institutions. We continuously push the boundaries of what's possible, encourage out-of-the-box thinking, and relentlessly search for like-minded innovators.

At TradeStation, we are building an AI-First culture. We expect team members to embrace AI as a core part of their daily workflow, whether that’s using AI to accelerate development, enhance decision-making, improve client outcomes, or streamline internal processes. We hire, grow, and promote people who can harness AI responsibly and creatively. We treat AI as a partner in problem-solving, not just a tool; following our governance standards to ensure AI is used ethically, securely, and transparently. If you join us, you’re joining a culture where AI is how we work.

Are you ready to make yourself at home?

What We Are Looking For:

We are seeking a Senior Security Analyst to serve as a critical operational partner within TradeStation's Security Governance, Risk & Oversight (GRO) function. This role requires someone who operates with autonomy, exercises sound judgment, and can drive security initiatives to completion across multiple stakeholders without constant oversight.

Reporting to the Director of Information Security, you will be responsible for executing and coordinating key GRO activities including audit support, risk assessments, policy lifecycle management, incident response documentation, and security awareness program operations. You will serve as a key executor and coordinator of the GRO function, helping support effective processes, productive meetings, and timely completion of deliverables.

This role is ideal for someone with strong project management instincts, excellent organizational skills, and the ability to leverage AI tools to enhance efficiency and quality of work. You must be comfortable working independently, following through on commitments, and knowing when to escalate issues or seek guidance.

What You’ll Be Doing:

Audit & Regulatory Compliance Support

• Serve as a coordinator for information security audit activities (JSOX, SEC, FINRA, NFA, NIST CSF, DORA), including evidence collection, documentation preparation, and stakeholder liaison
• Track audit findings and remediation activities through completion, maintaining clear documentation and status reports
• Prepare audit request responses, control narratives, and testing evidence in partnership with control owners across the organization
• Manage completion of security questionnaires from partners, customers, and regulators, coordinating responses across multiple stakeholders and ensuring timely, accurate submissions
• Support quarterly access reviews, IT general control testing, and documentation of results

Risk Management Program Operations

• Execute security risk assessments across technology projects, business initiatives, and operational changes using established frameworks and methodologies
• Document identified risks in the security risk register with clear ownership, treatment plans, and remediation timelines
• Track risk remediation progress and coordinate with stakeholders to ensure timely closure
• Manage the development and maintenance of risk dashboards and metrics for leadership reporting
• Manage third-party security risk assessments as part of vendor onboarding and ongoing monitoring

Incident Response Documentation & Coordination

• Attend incident response bridge calls, take detailed notes, and ensure accurate documentation of incident timelines, actions taken, and decisions made
• Draft and finalize incident reports, including root cause analysis, impact assessment, and remediation recommendations
• Follow up with incident stakeholders to ensure post-incident action items are completed and documented
• Manage the incident tracking system and support incident metrics reporting
• Coordinate and manage post-incident review meetings and ensure lessons learned are captured and integrated into process improvements

Policy, Governance & Security Framework Management

• Build and maintain a comprehensive security control catalog aligned with industry frameworks (NIST CSF, ISO 27001, CIS Controls and more)
• Map existing security controls to applicable regulatory requirements (PCI DSS, GDPR, CCPA, FINRA, SEC) and framework standards
• Identify control gaps and work with stakeholders to develop remediation plans
• Manage and maintain control documentation including implementation details, ownership, and evidence sources
• Manage control effectiveness assessments and coordinate testing activities with control owners
• Assist in the development, review, and update of information security policies and standards
• Coordinate policy review cycles, track stakeholder feedback, and maintain policy documentation repositories
• Support policy attestation campaigns and track compliance metrics
• Assist in maintaining governance documentation including procedures, guidelines, and reference materials

Stakeholder Communication & Workload Coordination

• Manage and coordinate operational meetings with clear agendas, accurate minutes, and defined action items with owners and due dates
• Follow up proactively with stakeholders to help move tasks to completion without constant reminders from leadership
• Maintain project tracking systems for GRO initiatives, ensuring visibility into status, blockers, and upcoming deadlines
• Coordinate working sessions with teams to handle governance-related activities
• Provide operational support for the security awareness program, including campaign coordination and metrics tracking
• Exercise judgment in prioritizing competing demands and escalating issues appropriately when needed

Process Improvement, Automation & AI-Enabled Efficiency

• Identify opportunities to streamline GRO processes through automation, better tooling, or workflow redesign
• Leverage AI tools responsibly to enhance documentation quality, accelerate research, improve analysis, and increase operational efficiency
• Develop templates, playbooks, and standard operating procedures to improve consistency and reduce manual effort
• Support the integration of AI capabilities into GRO workflows while ensuring alignment with governance standards

The Skills You Bring:

• Operational excellence: Strong project management mindset with exceptional organizational skills and attention to detail
• Autonomy and judgment: Ability to work independently, make sound decisions, and know when to escalate or seek guidance
• Follow-through: Proven track record of driving initiatives to completion and following up with  stakeholders on assigned tasks
• Communication skills: Excellent written and verbal communication skills, including the ability to facilitate meetings, document complex topics clearly, and interact professionally with all organizational levels
• AI proficiency: Demonstrated ability to leverage AI tools to enhance work quality, accelerate tasks, and solve problems creatively
• Security foundation: Solid understanding of information security principles, control frameworks (NIST CSF, SOC 2, ISO 27001, COBIT), and regulatory requirements relevant to financial services
• Audit and compliance experience: Working knowledge of IT audit processes, control testing, and evidence documentation
• Risk assessment & documentation: Ability to support or conduct security risk assessments, document risk details clearly, and track remediation activities to closure
• Incident response familiarity: Understanding of incident response processes, documentation requirements, and the coordination needed to support response and post-incident activities
• Collaboration: Ability to work effectively across IT, Compliance, ERM, and business units to achieve shared objectives
• Adaptability: Comfortable operating in dynamic environments where priorities shift and requirements evolve
• Problem Solving: Practical problem-solving approach that balances process with pragmatism
• Demonstrated experience with audit coordination, control testing, and evidence documentation
• Strong proficiency with Microsoft Office, collaboration tools (Jira, Confluence, SharePoint), and project management practices
• One or more industry-recognized security certifications: CISSP, CISM, CISA, CRISC, Security+, CASP+, CySA+, or GIAC certifications preferred
• Experience with GRC platforms (Archer, ServiceNow GRC, AuditBoard) or similar tools preferred
• Working knowledge of cloud security in AWS and Azure environments preferred
• Experience in financial services, fintech, or other highly regulated industries preferred
• Familiarity with Agile, SDLC, and CI/CD concepts preferred
• Knowledge of incident response frameworks and processes preferred
• Demonstrated progression toward a security career path and willingness to pursue relevant certifications preferred

Minimum Qualifications:

• Must be in Costa Rica and able to work core US Eastern Time hours
• Bachelor's degree in Information Technology, Computer Science, Information Security, or related field; OR equivalent combination of relevant education, training, and experience
• 5-7 years of Information Technology and/or Information Security work experience
• 3+ years of experience in Information Security with emphasis on GRC, IT audit, IT compliance, and/or IT risk management
• 2+ years of experience operating security controls, policies, and compliance programs in regulated environments
• Ability to travel to company offices, including international offices, or other locations occasionally as needed for meetings, training, to perform work tasks, etc.

What We Offer:

• Collaborative work environment
• Competitive Salaries
• Yearly bonus
• Comprehensive benefits for you and your family starting Day 1
• Flexible Paid Time Off
• Remote working environment
• TradeStation Account employee benefits, as well as full access to trading education materials

#LI-Remote