Juniper Square

Senior GRC Analyst

Juniper Square

full-time

Posted on:

Location Type: Remote

Location: United States

Visit company website

Explore more

AI Apply
Apply

Salary

💰 $135,000 - $190,000 per year

Job Level

Senior

About the role

  • Compliance
  • Maintain and onboard existing/new security compliance certifications and frameworks (e.g. SOC2, ISO and others)
  • Work with cross-functional teams to procure controls evidence to provide to external auditors timely and issue reports timely.
  • Work cross functionally between teams and auditors to ensure a smooth and efficient audit process
  • Improve the audit process through automation and controls rationalization year over year
  • Monitor and test effectiveness of compliance control health throughout the year; not just during audits
  • Serve as a subject matter expert for all things compliance;
  • Identify and assess business changes for relevant impacts on compliance posture (e.g. geographical expansion, internal tool replacement, new products)
  • Customer Trust
  • Maintain our trust center by keeping security documents and knowledge base up-to-date
  • Support sales teams with open security and privacy questions
  • Review incoming security and privacy addendums to customer contracts
  • Support customer security and privacy audits
  • Work with Sales and Solutions engineering to coach and educate teams on our security and compliance posture
  • Governance
  • Policy Management
  • Develop a comprehensive set of security and privacy policies and procedures working with Legal, HR, IT, Engineering.
  • Update policies and procedures annually while incorporating stakeholder feedback and obtain approval
  • Define and manage incoming policy exceptions on an ongoing basis to manage associated risk
  • Security and Privacy Training and Awareness
  • Develop and implement role and team specific security and privacy training working closely with key business partners.
  • Manage the roll-out, escalation and completion of all security and privacy training modules.
  • Phishing Management
  • Manage phishing campaigns on an ongoing basis with appropriate re-training processes baked into the process
  • Refine existing phishing reporting processes and integrate this better with our incident management processes
  • GRC Metrics and Reporting
  • Ensure the GRC function meets key performance metrics
  • Risk Management
  • Maintain business unit risk registers with existing teams on a monthly basis to appropriately address key risks areas
  • Co-develop and coach business units on right-sized and right-scoped risk remediation plans
  • Work with cross-functional teams to onboard new business units onto the risk management process
  • Third-Party Risk Management
  • Triage incoming technical security requests for vendor application/system integrations and route to appropriate teams for input.
  • Conduct security risk assessments and audits of vendors to evaluate the maturity of their security programs, controls, and documentation.

Requirements

  • Bachelor's degree in information systems, engineering, business, risk management, or a related field
  • 5+ years of experience in GRC, security, audit or a related field with past experience in managing a SOC2/ISO 27001 program
  • Knowledge of GRC frameworks and regulations
  • Experience developing scalable GRC processes
  • Ability to work on multiple GRC projects simultaneously
  • Ability to partner with stakeholders collaboratively “guardrails” without having a “gated” approach to risk management
  • Excellent communication and interpersonal skills
Benefits
  • Health, dental, and vision care for you and your family
  • Life insurance
  • Mental wellness coverage
  • Fertility and growing family support
  • Flex Time Off in addition to company-paid holidays
  • Paid family leave, medical leave, and bereavement leave policies
  • Retirement saving plans
  • Allowance to customize your work and technology setup at home
  • Annual professional development stipend
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
GRCSOC2ISO 27001security complianceaudit processrisk managementsecurity risk assessmentscontrols evidencepolicy managementphishing management
Soft Skills
communicationinterpersonal skillscollaborationstakeholder managementcoachingtrainingproblem-solvingorganizational skillstime managementadaptability
Certifications
Bachelor's degree in information systemsBachelor's degree in engineeringBachelor's degree in businessBachelor's degree in risk management