Analyst, GRC


Outreach

💵 $81k-$108k
📍 Remote - United States

Summary

Join Outreach, a leading AI Sales Execution Platform company, as a Governance, Risk, and Compliance professional. You will play a crucial role in maintaining and achieving accreditations like ISO 27001, ISO 27701, SOC 2, and HIPAA. This role involves collaborating with cross-functional teams to support policy management, participate in audits, and enhance the overall security posture. You will contribute to the GRC strategy, develop information security policies, and work with control owners to ensure effective monitoring. The position requires experience in managing compliance programs, handling external audits, and working in cloud environments. This remote or hybrid role offers a competitive salary and benefits package.

Requirements

  • 2+ years of building and managing compliance programs including policy definition and control design
  • Bachelor’s degree
  • Ability to work well within a team atmosphere as well as independently to achieve results within the dynamic Outreach culture
  • Hands-on experience managing external auditors and on-site audits including proven experience passing ISO 27001, SOC 2 Type II and HIPAA audits
  • Experience in establishing and maintaining compliance in AWS and cloud environments
  • Thorough understanding of the latest regulatory requirements and associated security principles
  • Excellent interpersonal and management skills
  • Strong written and verbal communication skills
  • Problem solving skills and ability to work under pressure
  • Ability to maintain extreme confidentiality
  • Willingness to take on additional responsibilities, as needed

Responsibilities

  • Supporting the Outreach Information Security Management System (ISMS) governance, risk and compliance activities
  • Contributing to our GRC strategy to keep pace with Outreach’s rapid growth while reducing audit impact on operational and engineering teams
  • Developing and evolving information security policies and helping educate teams about their responsibilities and obligations
  • Translating key internal, industry and regulatory obligations including the ISO 27001, ISO 27701, SOC 2 and HIPAA into appropriate administrative and technical controls and educating control owners
  • Working with control owners to ensure effective and efficient control monitoring, as well as appropriate visibility of control activity
  • Reviewing the operating effectiveness of current controls and developing a program of continual optimization based on feedback from both the ISMS and operational teams
  • Extending the control framework to leverage commonalities between multiple assessments and improve the overall efficiency of the Outreach audit program
  • Assisting internal teams through the preparation for and successful completion of a variety of key industry and regulatory audits from audit readiness through final assessment including remediation activities
  • Helping to coordinate key internal, industry and regulatory audits including ISO 27001, SOC 2, and others
  • Ensuring all in-scope functions and teams are prepared for audits
  • Assisting with auditor relationships
  • Incorporating audit findings and recommendations into the Information Security Management System (ISMS) and Control Framework programs
  • Training and communicating responsibilities to control owners including the mapping, review and feedback of controls to specific audit requirements
  • Reviewing audit evidence and any findings to assess and improve control effectiveness
  • Working with Outreach management teams and engineers to identify and capture security risks and collaborate with risk owners to identify and put effective mitigations and remediations into place
  • Ensuring cross company support of all aspects of security by establishing partnerships with other Outreach teams with the overarching goal of improving trust of Outreach and its products
  • Demonstrated expertise in managing and ensuring compliance with organizational policies, including the development, implementation, and continuous improvement of policy management systems
  • Supporting our vendor risk management program, including, but not limited to, the assessment of, and follow-up on, governance documentation related to vendor risk

Preferred Qualifications

  • A minimum of 2 years of experience in the technical interpretation and practical application of an information security program specifically in governance, risk, and compliance
  • SOX IT Controls experience
  • Extensive information security auditing and compliance experience
  • Experience authoring and management of information security policies and standards
  • Strong project management experience
  • Direct experience interpreting industry and regulatory security requirements and authoring supporting controls
  • Experience working as, or with, auditors through complex audits
  • Have a history of successful cross-organizational efforts
  • Ability to analyze problems and make appropriate decisions quickly
  • Ability to drive large, complex projects and create solutions
  • Experience driving the development of GRC program strategies, performance metrics, and articulating business value and costs

Benefits

  • Flexible time off
  • 401k to help you save for the future
  • Generous medical, dental, and vision coverage for full-time employees and their dependents
  • A parental leave program that includes options for a paid night nurse, and a gradual return to work
  • Infertility/assisted reproductive services benefit
  • Employee referral bonuses to encourage the addition of great new people to the team
  • Snacks and beverages in the office, along with fun events to celebrate
  • Diversity and inclusion programs that promote employee resource groups like Outreach Women's Network, Latinx community, Outreach Black Connection, AAPI community, Pride/LGBTQIA+, Gender+, Disability Community, and Veterans/Military