Remote Senior GRC Analyst

Summary

Join an industry with massive socio-economic and political importance in the 21st century. Work alongside some of the best and brightest minds in the security industry. Help prominent clients solve critical security problems. Make a tangible impact on our company, where individual input matters. Align your career trajectory with a hyper-growth company in the security industry.

Requirements

• Ideal candidate is focused on GRC with a background or passion in offensive security
• 3+ years of experience in cybersecurity, with a focus on GRC or risk management roles
• Experience executing NIST CSF, CIS Critical Controls, or other frameworks assessments, and implementing technologies that support the controls of these frameworks
• Familiarity with offensive security principles, including penetration testing, red teaming, or incident response
• Understanding of the security components of regulatory standards (PCI DSS, HIPAA, NYDFS) and risk management methodologies
• Experience with cloud environments
• Excellent oral and written communication skills for presenting to executive leadership
• A track record of security consulting experience is a significant plus
• Bachelor’s degree in Computer Science, Information Security, or a related field

Responsibilities

• Execute engagements focused on NIST Cybersecurity Framework (CSF), NIST Secure Software Development Framework (SSDF), CIS 18 Critical Security Controls, and other advisory based engagements
• Support clients in assessing their current governance, risk, and compliance (GRC) programs while developing strategic and tactical recommendations
• Assist in developing custom methodologies and frameworks that enhance client security postures
• Develop technical reports and presentations to be delivered to client executives (CISO, CIO, CSO)
• Stay current on industry trends and emerging threats, incorporating that knowledge into client engagements
• Collaborate with offensive security teams to bridge the gap between security assessments and broader GRC efforts
• Provide insights to clients by combining offensive security perspectives with industry-recognized frameworks

Preferred Qualifications

• Hands on work experience with offensive security assessments such as penetration testing or red teaming
• Hands-on experience with security testing platforms (Hack the Box, TryHackMe) or offensive security related certifications (OSCP, PNPT, BSCP, etc.)
• GRC centric certifications such as CISA, CRISC, CISSP
• Software development experience, either as a hobby or related to work
• Contributions to the security community (blogs, whitepapers, conference presentations)
• Familiarity with automated testing tools and manual offensive security testing methodologies

Benefits

• Competitive salary
• Equity Incentive Plan, offering ownership stakes in the company
• Continuous learning opportunities through our internal Learning & Development (L&D) program, including training, certifications, and conferences to support your career growth
• Recognition and rewards for speaking engagements at industry events and conferences
• Comprehensive health and dental insurance coverage
• Immediate 401(k) matching
• Paid maternity and paternity leave