About The Position

Engine is seeking a highly skilled and motivated Senior GRC (Governance, Risk, and Compliance) Analyst to join our team. In this role, you will be responsible for strengthening our security posture, ensuring compliance with critical standards such as SOC 2, GDPR, and CCPA, and managing audits, risk assessments, and compliance tracking across the organization. You will work closely with senior leadership, employees, and external auditors to ensure that Engine adheres to best practices in governance, risk management, and compliance.

Your Mission: As part of the Engine team, you’ll play a vital role in an environment where innovation meets collaboration. Here’s what you’ll take charge of:

Requirements

  • Proven experience in managing GRC functions, ideally within a fast-paced, high-growth company.
  • Strong understanding of ISO 27001, SOC 2, GDPR, CCPA, PCI-DSS, and SOX compliance standards.
  • Excellent organizational, communication, and leadership skills.
  • Ability to manage complex GRC initiatives and work across multiple teams.
  • Ability to handle high-stress situations and effectively manage IT emergencies.
  • Skilled in using GRC platforms and tools to manage compliance and risk management activities.
  • Strong knowledge of security concepts, including risk management, identity and access management (IAM), key management, data protection, and network security.
  • Track record of building security/GRC programs across various domains.

Nice To Haves

  • Certifications such as CISA, CISM, CISSP, CRISC, or CCEP
  • Experience with data protection and privacy law compliance.
  • Familiarity with cloud security components of platforms like AWS, GCP, or Azure.
  • Excellent problem-solving, analytical, and communication skills.
  • Ability to work collaboratively with cross-functional teams, including IT, engineering, and HR teams.
  • A passion for mentoring others.

Responsibilities

  • Lead the configuration and management of GRC tools (Trust Centers, Learning Management Systems, Compliance Tracking, etc.) to ensure integration with security systems.
  • Manage the main dashboard for SOC 2 reporting, ensuring accuracy and compliance.
  • Develop and maintain a comprehensive risk management program and conduct risk assessments.
  • Manage and conduct regular audits (weekly, monthly, quarterly, and bi-annual) across business, IT, and security processes to ensure best practices and legal compliance.
  • Oversee the development and execution of security procedures across multiple domains.
  • Develop, update, and maintain Contingency Planning strategies and procedures, including coordination of annual tabletop drills.
  • Execute routine operational tasks related to security awareness training.
  • Audit the access and compliance of third-party vendors and contractors.
  • Review procurement requests for security standards and ensure all engagements meet company standards and regulatory requirements.
  • Collaborate cross-functionally to identify and monitor security controls, map security controls to issues and risks, and mature the audit processes related to security controls that apply across multiple security frameworks.

Benefits

  • Compensation: Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
  • Benefits: Check out our full list at engine.com/culture.
  • Environments for Success: Different roles need different environments to drive success, which is why we have a hybrid-hub model. Whether you are in one of our amazing offices or fully remote, we’ll make sure you have what you need to succeed.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 501-1,000 employees
