Principal Security Analyst (Governance, Risk, and Compliance)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Principal Security Analyst (Governance, Risk, and Compliance): Building and maturing enterprise security risk and compliance processes across the organization with an accent on security risk quantification, control framework strength, and governance reporting. Focus on leading cybersecurity assessments and audits, developing KRIs, and continuously improving GRC programs using industry frameworks and best practices.
Company
develops purpose-driven technology and responsible AI solutions.
What you will do
- Champion the security risk quantification program and process for informed enterprise decision-making.
- Develop Key Risk Indicators (KRIs) and communicate security risk to Executive Leadership Team (ELT) and Board of Directors.
- Develop, assess, and implement cybersecurity controls and procedures to protect confidentiality, integrity, and availability.
- Lead internal and external security/compliance/regulatory assessments, including customer audits, attestations, certification audits, and third-party reviews.
- Partner with control owners to monitor control implementation effectiveness and drive resolution of noncompliance issues.
- Improve change management for policy/standard/procedure updates and drive continuous improvement of GRC using industry best practices.
Requirements
- Location: Remote in the United States
- 8+ years of experience in Information Technology and/or Security.
- 3+ years leading audit/assessment projects.
- 3+ years experience with risk management frameworks (e.g., NIST CSF) and 2+ years with quantitative risk frameworks (e.g., FAIR, OCTAVE).
- Experience with corporate GRC solutions (e.g., Archer, ServiceNow).
- Industry certifications such as CISSP, CRISC, CISM/CISA, and/or AWS or Azure certifications.
Culture & Benefits
- Remote-flexible workforce.
- Medical, dental, and vision insurance.
- 401(k) program with employer match and wellness programs.
- Flexible paid time off and generous parental leave.
- Tuition reimbursement program.
Hiring process
- Application review followed by interview steps to assess security GRC experience and communication skills.
Salary: $101,900.00–$132,800.00 base pay
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →