GRC Risk Analyst

📋 Description

• Executes audits and risk assessments; communicates findings and recommendations.
• Ensures management understands risks of noncompliance to security standards.
• Writes and revises policies, standards, procedures, and guidelines.
• Participates in security and IT projects driving process improvements.
• Reviews security questionnaires and due-diligence requests with stakeholders.
• Prepares risk reports and presents findings to management.

🎯 Requirements

• Bachelor's Degree in Computer Science, Engineering or equivalent experience
• 3-5 years in information technology / information security auditing, preferably in a software engineering environment
• Familiarity with FedRAMP, StateRAMP, CMMC, ISO 27001:2013, SOC2, NIST CSF
• Experience writing audit findings, reports, policies, standards, procedures and guidelines
• Comfortable performing technical interviews and business process reviews with non-technical personnel
• Working knowledge of risk assessment methodologies, contingency planning and data analysis

🎁 Benefits

• Base salary: $120,000–$135,000 USD
• Equity awards and comprehensive benefits
• Health Savings Account and Flexible Spending Account
• 401(k) with company match; life and disability coverage
• Travel accident insurance and employee assistance programs
• 5 days of volunteer time off (VTO)