Senior GRC Analyst

Company: Postman
Location: Boston, MA, USA; San Francisco, CA, USA; New York, NY, USA
Salary: $200000 – $225000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior, Expert or higher

Requirements

  • 7+ years of hands-on experience in cybersecurity governance, risk, and compliance, preferably within fast-paced technology companies.
  • Bachelor’s degree in computer science, information security/cybersecurity, or related field or relevant work experience.
  • Relevant certifications such as CISSP, CRISC, CISA, or CISM a plus.
  • Knowledge of and experience implementing, managing, and maturing GRC programs with a bias to action, and the ability to design effective but pragmatic solutions that balance short-term and long-term goals.
  • Proficient technical knowledge and familiarity with management information systems, cybersecurity, audits and internal controls.
  • Experience working with engineering and non-engineering stakeholders to drive successful risk activities.
  • Experience with establishing and maturing third party risk management programs, with a proven ability to balance third party risk with business need.
  • Experience identifying gaps and creating and tracking corrective action and mitigation plans to closure at scale.
  • Self-motivated and well-organized to accomplish goals and tasks completely and on time.
  • Experience successfully driving risk & compliance programs in globally distributed organizations.

Responsibilities

  • Lead and coordinate high visibility projects for our risk & compliance roadmap, including: SOC2, ISO 27XXX, HITRUST, and FedRAMP.
  • Contribute to the development, management, and ongoing improvement of the company risk program, compliance initiatives, and overall security risk posture.
  • Lead the development and maturity of critical risk domains such as third party risk management and business resilience.
  • Lead critical control activities with stakeholders across the business, quantifying risks, evaluating mitigations, and driving action to measurably reduce risk.
  • Lead, participate, and innovate on processes to streamline compliance audit activities with external auditors and internal control owners to ensure successful completion of audit requirements with minimal toil.
  • Establish and contribute to risk and compliance activities with an eye toward continuous controls monitoring automation.
  • Act as a mentor, advisor, and escalation point for team members and stakeholders.

Preferred Qualifications

  • Relevant certifications such as CISSP, CRISC, CISA, or CISM a plus.