Sr GRC Analyst

Key responsibilities:

  • Examine, evaluate, and document internal controls based on various security standards (NIST CSF, SOC2, ISO-27001, etc.)
  • Lead IT-related audits and examinations conducted by external parties
  • Align policies, standards and procedures with compliance objectives
  • Prepare metrics and reports for management on the status of GRC objectives
  • Evaluate and respond to customer/prospect questions and audits. Assist in aligning compliance reports and public-facing Trust Page to reduce the overall number of customer requests
  • Remain up to date on current security laws, regulations and standards
  • Represent the GRC Team by participating directly with projects and provide guidance, requirements and documentation for security-related purposes when requested
  • Create, evaluate, document and maintain standards, processes and procedures relative to security and privacy
  • Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement.
  • Perform GRC recurring tasks as required 
  • Provide consultative guidance and oversight to project teams to design, develop, deploy and sustain solutions that meet compliance requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
  • Assist in selecting, configuring and/or administering program via GRC tools
  • Prepare, update and maintain customer-facing documentation
  • Assist with building and/or testing integrations and automations with SaaS/IaaS platforms to collect evidence for security audits and monitor for security configurations
  • Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms

What We’re Looking For

  • Degree or equivalent in Computer Science or related field
  • 5-8 years of experience in Information Security with a specialization in one area of GRC 
  • Co-create and help articulate Information Security strategy across the company
  • A broad understanding of all security domains, CISSP or similar certification preferred
  • Experience working with engineering teams to understand issues and prioritize remediations
  • Proficiency with common information security frameworks including SOC2, NIST CSF, and ISO 27001
  • Demonstrated ability to collaborate effectively across teams 
  • Familiarity and experience with IT/Security/GRC toolsets, such as: Jira, Confluence, Whistic, GRC platforms, risk rating tools, data collection tools
  • Ability to analyze empirical evidence and technical reports, identify root causes, recommend solutions, prioritize projects according to risk and compliance drivers, and drive technical projects through to completion. 
  • Familiarity with different cloud concepts and tooling, including AWS and GCP
  • Experience in a remote-first and distributed environment
  • Someone willing to adapt to change in a fast-moving environment
  • Experience with cloud-native pre-IPO startup companies
  • Experience with AWS security services and tooling

WHAT WE OFFER:

  • The chance to work in a fast-paced start-up environment with experienced industry leaders
  • A learning environment where you can dive deep into the latest technologies and make an impact
  • Competitive salary and equity
  • 100% paid medical and dental and 95% paid vision insurance for employees starting on your first day
  • 401k (with match), commuter benefits
  • Industry-leading parental leave policies
  • Generous wellness reimbursement and weekly onsite programs
  • Flexible vacation policy – work with your manager to take time off when you need it
  • Employee giving match
  • Modern office in San Francisco’s Financial District
  • Fully-stocked kitchen with organic snacks, beverages, and coffee drinks
  • Weekly company meeting – ask-me-anything-style discussion with our Leadership Team
  • Team outings to sports games, happy hours, game nights and more!