GRC Analyst

BigID

๐Ÿ“Remote - Portugal

Job highlights

Summary

Join BigID, a leading data security and privacy tech startup, as a Security GRC Analyst. You will play a key role in safeguarding our platform by driving risk management initiatives, maintaining compliance with standards like SOC 2 and ISO 27001, and collaborating with cross-functional teams. Responsibilities include managing compliance programs, utilizing GRC tools, assessing third-party risk, and contributing to disaster recovery plans. This role requires a Bachelor's degree, 3+ years of relevant experience, and in-depth knowledge of AWS security and compliance standards. BigID offers a people-centric culture, flexible work arrangements, and equity participation, fostering a rewarding and inclusive work environment.

Requirements

  • Bachelor’s Degree in a relevant field or an equivalent combination of education, work experience, and professional certifications
  • 3+ years of experience in a security audit, governance, or risk management role within the tech sector
  • Experience with Confluence, Jira, and GRC tools like Anecdotes
  • In-depth knowledge of AWS security best practices and services (e.g., AWS Certified Security Specialty)
  • Familiarity with managing compliance for standards such as ISO 27001, SOC 2, HIPAA, PCI, and experience in supporting external audits
  • Knowledge of regulatory frameworks like GDPR, CCPA, or other regional standards
  • Proven ability to lead and manage projects, with strong organizational, analytical, and problem-solving skills
  • Strong interpersonal skills with the ability to communicate effectively across teams and levels, driving alignment on security strategies
  • Ability to thrive in a fast-paced, dynamic environment while delivering results and meeting deadlines
  • Experience working in a global environment, understanding diverse regulatory and security requirements

Responsibilities

  • Help maintain and improve security compliance and risk management documentation including policies, standards, and processes
  • Help manage compliance programs for key certifications such as ISO 27001, SOC 2, HIPAA, PCI, and support external audits to maintain security certifications
  • Collaborate on building and managing security and privacy risk management programs
  • Support the use and optimization of Governance, Risk & Compliance (GRC) tools such as Anecdotes, Confluence, and Jira to drive effective security governance
  • Assist in enforcing security policies and procedures based on industry standards, ensuring compliance across teams
  • Assess and manage third-party risk for new and existing vendors to ensure their compliance with BigID’s security standards
  • Assist in responding to customer security questionnaires, ensuring clarity and confidence in our security posture
  • Work closely with various teams (engineering, legal, operations) to ensure understanding of control activities, provide training, and share security best practices across the organization
  • Contribute to the development and continuous improvement of disaster recovery and business continuity plans
  • Help track and report on metrics and KPIs to measure the effectiveness of security and risk management programs

Benefits

  • Equity participation - everyone shares in our success
  • Flexible work arrangements
  • Other compulsory benefits based on country of residence
