Serve Robotics

Senior GRC Analyst

Serve Robotics

full-time

Posted on:

Origin:  • 🇺🇸 United States

Visit company website
AI Apply
Manual Apply

Salary

💰 $120,000 - $140,000 per year

Job Level

Senior

About the role

  • Serve as a subject matter expert on security best practices, compliance frameworks and standards such as SOX Section 404 IT General Controls, ISO 27001, GDPR, CCPA.
  • Maintain security documentation including, but not limited to: information security policies and procedures, risk assessment methodology and treatment plans, privacy and business impact assessments (BIA/PIA), and compliance audit procedures.
  • Manage Serve’s security awareness program platform and quarterly phishing simulation campaigns and reporting.
  • Conduct periodic risk assessments of third-party vendor services and establish corrective action plans for risk mitigation.
  • Support periodic IT audits for Serve critical business systems to ensure compliance with IT General control (ITGC) requirements.
  • Track and manage audit findings and remediation activities to ensure timely resolution.
  • Manage Serve’s compliance framework, risk and control matrix and compliance automation system of record.
  • Prepare weekly reports for senior leadership on the compliance status of internal controls.

Requirements

  • Knowledge in ISO 27001/2 and SOC 2 trust principles.
  • Knowledge in Information Security best practices.
  • The following certifications are desired but not required: ISO/IEC 27001 Lead Implementer/Auditor, CISA, CISSP.
  • Experience with participating in compliance audits in a lead or supporting role.
  • Experience in preparing compliance audit workpapers such as artifact request lists, standard test cases and test plans.
  • Experience with managing and supporting an Enterprise Risk Management (ERM) Lifecycle.
  • Familiarity with the use of Standard Information Gathering (SIG) for Third-Party Vendor Risk Assessments.
  • Experience using Atlassian Jira for team workload assignment and prioritization through Scrum or Kanban project management.
  • Experience configuring, managing and providing support for GRC or IRM tools such as Archer, ZenGRC or RSAM, Vanta.
  • Experience with developing compliance and security analytics/insights through Looker, PowerBI, Chartio or similar BI/analytics tooling.
  • Ability to work effectively while prioritizing and juggling competing priorities in a fast-paced work environment.