Staff Security GRC Analyst

Summary

Join Opendoor as a Staff Security GRC Analyst and play a crucial role in identifying, assessing, and prioritizing security risks across large areas of the business. As a key member of the team, you will be responsible for orchestrating security risk assessments at both macro and micro levels, developing effective risk mitigation strategies, and communicating these risks to stakeholders and decision-makers.

Responsibilities

• Own end to end security risk management methodology to enhance the organization's security posture, including root cause analysis, stakeholder management, and leadership communication on findings and resolution
• Identify, assess, and prioritize security risks across different areas of the Security and Engineering organization
• Orchestrate security risk assessments at both macro and micro levels
• Develop and communicate risk assessment and treatment strategies to stakeholders and decision-makers using broad industry expertise
• Stay updated on regulatory requirements and industry best practices to ensure compliance and alignment with standards
• Own successful collaboration between IT, Engineering, People, Legal, and other stakeholders to address security risks effectively
• Advise security leadership and key stakeholders on the impact of the risk signals ingested by the system
• Develop, document, and operate a security risk management program, complementary to Opendoor that accounts for risk quantification, standards (e.g., NIST CSF) based capability maturity, effectiveness, measurement and monitoring of controls effectiveness and broader risk signals
• Support reporting with risk insights into, and evidence of, emerging information security risks
• Design, establishment, and tracking of KPIs and KRIs against risk appetite statements
• Provide consideration, and guidance on regulatory matters and mitigate against uncertainty
• Establish a system of key risk indicators for Opendoor to evaluate aggregate current information security risk at a glance for executive review and decision making
• Facilitating effective risk domain management and evaluating risk domain governance controls for Opendoor