Senior GRC Analyst

Juniper Square

💵 $135k-$190k
📍 Remote - United States

Summary

Join Juniper Square as a GRC Analyst and support the organization's governance, risk management, and compliance (GRC) program. You will build scalable risk management and compliance processes, possess strong analytical and problem-solving skills, and work with cross-functional stakeholders. Responsibilities include policy management, security and privacy training, phishing management, GRC metrics and reporting, risk management, third-party risk management, and compliance. The role requires a Bachelor's degree, 5+ years of experience in GRC, security, or audit, knowledge of GRC frameworks, and excellent communication skills. Juniper Square offers a competitive salary, health, dental, and vision care, life insurance, mental wellness coverage, fertility support, flex time off, paid leave, retirement plans, a work setup allowance, and a professional development stipend.

Requirements

  • Bachelor's degree in information systems, engineering, business, risk management, or a related field
  • 5+ years of experience in GRC, security, audit or a related field with past experience in managing a SOC2/ISO 27001 program
  • Knowledge of GRC frameworks and regulations
  • Experience developing scalable GRC processes
  • Ability to work on multiple GRC projects simultaneously
  • Ability to partner with stakeholders collaboratively, using “guardrails” without having a “gated” approach to risk management
  • Excellent communication and interpersonal skills

Responsibilities

  • Develop a comprehensive set of security and privacy policies and procedures working with Legal, HR, IT, Engineering
  • Update policies and procedures annually, incorporating stakeholder feedback and obtaining approval
  • Define and manage incoming policy exceptions on an ongoing basis to manage associated risk
  • Develop and implement role and team specific security and privacy training working closely with key business partners
  • Manage the roll-out, escalation and completion of all security and privacy training modules
  • Manage phishing campaigns on an ongoing basis with appropriate re-training processes baked into the process
  • Refine existing phishing reporting processes and integrate them better with our incident management processes
  • Ensure the GRC function meets key performance metrics
  • Maintain business unit risk registers with existing teams on a monthly basis to appropriately address key risk areas
  • Co-develop and coach business units on right-sized and right-scoped risk remediation plans
  • Work with cross-functional teams to onboard new business units onto the risk management process
  • Continuously improve vendor and contractor risk assessments during vendor onboarding with a defined SLA
  • Conduct annual vendor monitoring and re-assessment processes for existing vendors
  • Maintain the vendor risk register and work with vendors to reduce risk on an ongoing basis
  • Maintain and onboard existing/new security compliance certifications and frameworks (e.g. SOC2, ISO and others)
  • Work with cross-functional teams to procure controls evidence, provide it to external auditors in a timely manner, and issue reports on time
  • Work cross-functionally between teams and auditors to ensure a smooth and efficient audit process
  • Improve the audit process through automation and controls rationalization year over year
  • Monitor and test effectiveness of compliance control health throughout the year; not just during audits
  • Serve as a subject matter expert for all things compliance
  • Identify and assess business changes for relevant impacts on compliance posture (e.g. geographical expansion, internal tool replacement, new products)
  • Maintain our trust center by keeping security documents and knowledge base up-to-date
  • Support sales teams with open security and privacy questions
  • Review incoming security and privacy addendums to customer contracts
  • Support customer security and privacy audits
  • Work with Sales and Solutions engineering to coach and educate teams on our security and compliance posture

Benefits

  • Health, dental, and vision care for you and your family
  • Life insurance
  • Mental wellness coverage
  • Fertility and growing family support
  • Flex Time Off in addition to company paid holidays
  • Paid family leave, medical leave, and bereavement leave policies
  • Retirement saving plans
  • Allowance to customize your work and technology setup at home
  • Annual professional development stipend
