Senior GRC Analyst

Juniper Square
1d | $135,000 - $190,000 | Remote

About The Position

As a Senior GRC Analyst, you are responsible for supporting the organization's governance, risk management, and compliance (GRC) program. The ideal candidate will have a strong understanding and experience building scalable, right-sized risk management and compliance processes for a high-growth company. We are looking for someone with strong analytical and problem-solving skills, as well as excellent communication and interpersonal skills. In this role, you will work closely with a broad set of cross-functional stakeholders within the company and should be able to build a rapport and influence towards appropriate risk management outcomes.

Requirements

  • Bachelor's degree in information systems, engineering, business, risk management, or a related field
  • 5+ years of experience in GRC, security, audit or a related field with past experience in managing a SOC2/ISO 27001 program
  • Knowledge of GRC frameworks and regulations
  • Experience developing scalable GRC processes
  • Ability to work on multiple GRC projects simultaneously
  • Ability to partner with stakeholders collaboratively, providing “guardrails” without having a “gated” approach to risk management
  • Excellent communication and interpersonal skills

Responsibilities

  • Maintain and onboard existing/new security compliance certifications and frameworks (e.g. SOC2, ISO and others)
  • Work with cross-functional teams to procure controls evidence for external auditors and issue reports in a timely manner.
  • Work cross functionally between teams and auditors to ensure a smooth and efficient audit process
  • Improve the audit process through automation and controls rationalization year over year
  • Monitor and test effectiveness of compliance control health throughout the year; not just during audits
  • Serve as a subject matter expert for all things compliance
  • Identify and assess business changes for relevant impacts on compliance posture (e.g. geographical expansion, internal tool replacement, new products)
  • Maintain our trust center by keeping security documents and knowledge base up-to-date
  • Support sales teams with open security and privacy questions
  • Review incoming security and privacy addendums to customer contracts
  • Support customer security and privacy audits
  • Work with Sales and Solutions engineering to coach and educate teams on our security and compliance posture
  • Develop a comprehensive set of security and privacy policies and procedures working with Legal, HR, IT, Engineering.
  • Update policies and procedures annually, incorporating stakeholder feedback and obtaining approval
  • Define and manage incoming policy exceptions on an ongoing basis to manage associated risk
  • Develop and implement role and team specific security and privacy training working closely with key business partners.
  • Manage the roll-out, escalation and completion of all security and privacy training modules.
  • Manage phishing campaigns on an ongoing basis with appropriate re-training processes baked into the process
  • Refine existing phishing reporting processes and integrate this better with our incident management processes
  • Ensure the GRC function meets key performance metrics
  • Maintain business unit risk registers with existing teams on a monthly basis to appropriately address key risk areas
  • Co-develop and coach business units on right-sized and right-scoped risk remediation plans
  • Work with cross-functional teams to onboard new business units onto the risk management process
  • Triage incoming technical security requests for vendor application/system integrations and route to appropriate teams for input.
  • Conduct security risk assessments and audits of vendors to evaluate the maturity of their security programs, controls, and documentation.

Benefits

  • Health, dental, and vision care for you and your family
  • Life insurance
  • Mental wellness coverage
  • Fertility and growing family support
  • Flex Time Off in addition to company paid holidays
  • Paid family leave, medical leave, and bereavement leave policies
  • Retirement saving plans
  • Allowance to customize your work and technology setup at home
  • Annual professional development stipend