Senior GRC Analyst-November 2024
Flexible / Remote
Nov 27, 2024
ABOUT ABNORMAL SECURITY
Abnormal Security is the highest precision cybersecurity engine for all email attacks, built to grow people and technology at 10x levels.
201 - 500 employees
Technology
About Senior GRC Analyst
About the Role

Abnormal Security is looking for a Senior GRC Analyst (Governance, Risk, and Compliance) to join the Security & Privacy team. The Security & Privacy team owns the information and cybersecurity program for the company, including IT, Security Operations, GRC, Privacy, and Customer Trust. The GRC team aims to facilitate information security and data governance processes, enable risk-based decision-making, and deliver a compliance foundation to achieve and maintain compliance certifications. 

This role will support the execution of the GRC program. The role will be focused on evaluating technology controls, performing audit readiness, leading external audits, and acting as a compliance domain advisor to the business. This role will also be the lead for Issues Management to drive remediation of issues across the company that are identified through the GRC programs. In addition, this role will support governance and risk management activities such as policy management/operations and risk operations.

The ideal candidate will have the mindset of an auditor with keen attention to detail, possess exceptional skills in project management, be a good communicator who excels at explaining complex technology to diverse audiences in a way that fosters understanding and ownership, have strong collaboration and business sense, and have an adept awareness of our customers’ requirements of Abnormal as a leading cybersecurity SaaS provider.

Who you are

- Proven security experience in an audit or advisory capacity
- Analytical thinker who exercises good business judgment
- Confidence and willingness to ask questions, raise issues, and concerns in a timely manner
- High attention to detail, process, and organization with strong project management skills to ensure accountability and results
- Strong communication skills with the ability to quickly build rapport with internal and external stakeholders including auditors; demonstrated experience presenting technical concepts to diverse audiences
- Proficient in managing results and achievements, even when faced with ambiguity or competing approaches regarding the best path to success
- Ability to adapt to change, including evolving business and technical environments, and manage multiple priorities while meeting deadlines in a fast-paced environment
- Team player, collaborative work style
- Self-motivated and able to work efficiently with minimal oversight/direction

What you will do

- Keep abreast of regulatory and industry developments and advise leadership on the potential impact on the program strategy and plans.
- Ensure program activities align with strategy and manage the timely and high-quality execution of GRC landmarks.
- Drive internal control effectiveness through crafting the control matrix, rigorous internal control monitoring, implementing control enhancements, and providing thought leadership on control design, operations, and supporting processes and policies.
- Perform compliance readiness assessments and provide updates, recommendations, and roadmap to senior management both within Security and to our business partners.
- Develop the audit plan in partnership with leadership and lead internal and external audit engagements according to plan, while supervising the work of external auditors and internal audit contractors and working with relevant control owners to minimize disruption while successfully completing the efforts in a timely manner.
- Advise, educate, and train process and control owners with the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices) to better understand the security controls framework and their responsibilities.
- Recommend, develop, and manage the company’s risk register, including the definition and reporting on key risk indicators (KRIs) and key performance indicators (KPIs).
- Conduct regular risk assessments and work with relevant departments to identify, evaluate, and mitigate risks across the organization.
- Define, develop, and implement capabilities to manage third-party cybersecurity risks.
- Manage review, testing, and improvements to business continuity plans.
- Advise, educate, and train risk owners with the identification, assessment, mitigation, and monitoring of risks to better understand the risk management process and their responsibilities.
- Maintain the policy repository and support effective policy communication.
- Proactively identify gaps or conflicts in existing policies and processes and work to develop solutions with internal business partners.
- Advise policy owners with the preparation, communication, and ongoing maintenance of policies to better understand policy management and their responsibilities.
- Define, develop, and implement capabilities to govern data handling.
- Advise data owners with the data classification, labeling, retention, and deletion requirements to better understand data governance and their responsibilities.
- Drive remediation and risk mitigation activities, also known as issues management, including root cause analysis and owning the design, tracking, and progress of action plans across compliance, policy, or process gap remediation activities and risk mitigation activities in partnership with internal business partners.
- Design and manage program operations to support the program goals and implement and maintain technology to support the program and its operations.
- Engage in ad-hoc projects as required.
- Maintain regular, clear communication with project teams, key partners, and management regarding the status of controls testing, audit progress, risk assessment progress, and progress of issues management.
- Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to senior management both within Security and to our business partners.

Must Haves

- 4+ years of experience in cyber security, technology risk, GRC, and/or technical compliance roles.
- Bachelor’s degree or equivalent military experience with at least 5 years of Risk Assurance/Compliance and/or Information Security experience.
- Strong understanding of security concepts and practical usage.
- Strong understanding of policy and data management.
- Strong understanding of risk management, business resiliency, business continuity, and disaster recovery for a SaaS/cloud-native organization.
- Strong understanding and practical experience working with ISO 27001, ISO 27701, NIST cyber framework, or others such as HITRUST and NIST SP800-53, NIST SP800-171, and CMMC.
- A solid grasp of audit, security, financial, and operational internal control methodologies and terminology (e.g., COSO).
- Proven experience in evaluating and implementing controls, and with managing SOC 2 and ISO 27001 audits in a SaaS environment.
- Demonstrated track record of successfully executing projects with an emphasis on delivering results.
- Ability to effectively communicate governance, risk, and audit functions to executives.
- Familiarity with Governance Risk Compliance (GRC) tools.

Nice to Have

- CRISC, CISSP, CPA, CISA, PMP, CISM certification(s)
- Prefer a degree in information assurance, computer science, information security, or business.
- Experience preferably at a technology or SaaS / Cloud and/or with a regulated public company
- 2+ years of Big 4 experience

At Abnormal Security certain roles are eligible for a bonus, restricted stock units (RSUs), and benefits. Individual compensation packages are based on factors unique to each candidate, including their skills, experience, qualifications and other job-related reasons. We know that benefits are also an important piece of your total compensation package. Learn more about our Compensation and Equity Philosophy on our Benefits & Perks page.

Base salary range:

$127,100—$149,500 USD
