Principal Governance, Risk, and Compliance Analyst

Logo of Red Canary

Red Canary

πŸ’΅ $130k-$150k
πŸ“Remote - Worldwide

Job highlights

Summary

Join Red Canary's GRC team as a Principal GRC Analyst and play a crucial role in ensuring the security and compliance of our platforms, data, and people. You will lead governance, risk, and compliance initiatives, conduct regular reviews of policies and controls, and design projects to automate data collection and presentation. This role involves leading internal and external audits, managing security certifications, and overseeing vendor risk management. You will also support the sales team and lead security awareness training and business continuity exercises. The ideal candidate possesses extensive experience in SOC 2 Type II and ISO 27001 audits, along with strong communication and project management skills.

Requirements

  • 5+ years of experience with SOC 2 Type II and ISO 27001 audits
  • 5+ years of managing or performing security questionnaires and vendor assessments
  • Experience addressing security and compliance terms in commercial contracts
  • The ability to articulate and shift between various compliance and regulatory frameworks
  • An understanding of the unique risks presented by cloud-native architecture and compliance and audit strategies for environments heavily reliant on SaaS
  • Strong experience interacting with auditors and gaining their confidence as a source of truth
  • Expertise in designing and managing strategies to identify, articulate, and mitigate risks
  • Experience in designing and implementing automation to the collection and presentation of audit data
  • Outstanding written and verbal communication skills
  • A practical mindset that can balance compliance and business needs
  • The ability to lead multiple projects simultaneously
  • A patient and positive attitude

Responsibilities

  • Lead governance, risk, and compliance initiatives
  • Lead regular reviews to ensure that policies and controls are effective, while aligning them to company values and all applicable compliance requirements; identify potential improvements and manage their implementation
  • Identify, design, and lead projects to automate the collection and presentation of auditing data for internal and external consumption
  • Lead internal audits and risk assessments of the Red Canary environment; identify potential improvements and manage their implementation
  • Schedule, prepare for, and lead annual external audits against SOC 2 Type II, ISO 27001, ISO 27701, and other standards
  • Maintain security and compliance certifications; identify and manage new certification initiatives
  • Lead the vendor risk management function for evaluating Red Canary’s vendors and partners to identify potential risks; identify potential improvements and manage their implementation
  • Lead the response to questions and questionnaires from customers, potential customers, and partners regarding security and compliance; identify potential improvements and manage their implementation
  • Support the sales team in vetting security and compliance terms in customer contracts
  • Help oversee security awareness training that is both relevant and instructive
  • Lead relevant and engaging business continuity and incident response exercises

Preferred Qualifications

Experience with audits under ISO 27701, FedRAMP, and CMMC experience is a plus

Share this job:

Disclaimer: Please check that the job is real before you apply. Applying might take you to another website that we don't own. Please be aware that any actions taken during the application process are solely your responsibility, and we bear no responsibility for any outcomes.
Please let Red Canary know you found this job on JobsCollider. Thanks! πŸ™