[Hiring] Senior GRC Analyst @Juniper Square

Role Description

As a Senior GRC Analyst, you are responsible for supporting the organization's governance, risk management, and compliance (GRC) program. The ideal candidate will have a strong understanding and experience building scalable, right-sized risk management and compliance processes for a high-growth company. We are looking for someone with strong analytical and problem-solving skills, as well as excellent communication and interpersonal skills. In this role, you will work closely with a broad set of cross-functional stakeholders within the company and should be able to build a rapport and influence towards appropriate risk management outcomes.

What you’ll do

• Customer Trust and Assurance
  • Maintain and onboard existing/new security compliance certifications and frameworks (e.g. SOC2, ISO and others)
  • Work with cross-functional teams to procure controls evidence to provide to external auditors timely and issue reports timely.
  • Work cross functionally between teams and auditors to ensure a smooth and efficient audit process
  • Improve the audit process through automation and controls rationalization year over year
  • Monitor and test effectiveness of compliance control health throughout the year; not just during audits
  • Serve as a subject matter expert for all things compliance;
  • Identify and assess business changes for relevant impacts on compliance posture (e.g. geographical expansion, internal tool replacement, new products)
• Customer Trust
  • Maintain our trust center by keeping security documents and knowledge base up-to-date
  • Support sales teams with open security and privacy questions
  • Review incoming security and privacy addendums to customer contracts
  • Support customer security and privacy audits
  • Work with Sales and Solutions engineering to coach and educate teams on our security and compliance posture
• Governance
  • Policy Management
    • Develop a comprehensive set of security and privacy policies and procedures working with Legal, HR, IT, Engineering.
    • Update policies and procedures annually while incorporating stakeholder feedback and obtain approval
    • Define and manage incoming policy exceptions on an ongoing basis to manage associated risk
  • Security and Privacy Training and Awareness
    • Develop and implement role and team specific security and privacy training working closely with key business partners.
    • Manage the roll-out, escalation and completion of all security and privacy training modules.
  • Phishing Management
    • Manage phishing campaigns on an ongoing basis with appropriate re-training processes baked into the process
    • Refine existing phishing reporting processes and integrate this better with our incident management processes
  • GRC Metrics and Reporting
    • Ensure the GRC function meets key performance metrics
• Risk
  • Risk Management
    • Maintain business unit risk registers with existing teams on a monthly basis to appropriately address key risks areas
    • Co-develop and coach business units on right-sized and right-scoped risk remediation plans
    • Work with cross-functional teams to onboard new business units onto the risk management process
  • Third-Party Risk Management
    • Triage incoming technical security requests for vendor application/system integrations and route to appropriate teams for input.
    • Conduct security risk assessments and audits of vendors to evaluate the maturity of their security programs, controls, and documentation.

Qualifications

• Bachelor's degree in information systems, engineering, business, risk management, or a related field
• 5+ years of experience in GRC, security, audit or a related field with past experience in managing a SOC2/ISO 27001 program
• Knowledge of GRC frameworks and regulations
• Experience developing scalable GRC processes
• Ability to work on multiple GRC projects simultaneously
• Ability to partner with stakeholders collaboratively “guardrails” without having a “gated” approach to risk management
• Excellent communication and interpersonal skills

Requirements

• Compensation for this position includes a base salary and a variety of benefits. The U.S. base salary range for this role is $135,000 to $190,000. Actual base salaries will be based on candidate-specific factors, including experience, skillset, and location, and local minimum pay requirements as applicable.

Benefits

• Health, dental, and vision care for you and your family
• Life insurance
• Mental wellness coverage
• Fertility and growing family support
• Flex Time Off in addition to company-paid holidays
• Paid family leave, medical leave, and bereavement leave policies
• Retirement saving plans
• Allowance to customize your work and technology setup at home
• Annual professional development stipend