Sr GRC Analyst – Ripple / ripplex.io

Key responsibilities:

• Examine, evaluate, and document internal controls based on various security standards (NIST CSF, SOC2, ISO-27001, etc.)
• Lead IT-related audits and examinations conducted by external parties
• Align policies, standards and procedures with compliance objectives
• Prepare metrics and reports for management on the status of GRC objectives
• Evaluate and respond to customer/prospect questions and audits. Assist in aligning compliance reports and public-facing Trust Page to reduce the overall number of customer requests
• Remain up to date on current security laws, regulations and standards
• Represent the GRC Team by participating directly with projects and provide guidance, requirements and documentation for security-related purposes when requested
• Create, evaluate, document and maintain standards, processes and procedures relative to security and privacy
• Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement.
• Perform GRC recurring tasks as required
• Provide consultative guidance and oversight to project teams to design, develop, deploy and sustain solutions that meet compliance requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
• Assist in selecting, configuring and/or administering program via GRC tools
• Prepare, update and maintain customer-facing documentation
• Assist with building and/or testing integrations and automations with SaaS/IaaS platforms to collect evidence for security audits and monitor for security configurations
• Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms

What We’re Looking For

• Degree or equivalent in Computer Science or related field
• 5-8 years of experience in Information Security with a specialization in one area of GRC
• Co-create and help articulate Information Security strategy across the company
• A broad understanding of all security domains, CISSP or similar certification preferred
• Experience working with engineering teams to understand issues and prioritize remediations
• Proficiency with common information security frameworks including SOC2, NIST CSF, and ISO 27001
• Demonstrated ability to collaborate effectively across teams
• Familiarity and experience with IT/Security/GRC toolset, such as : Jira, Confluence, Whistic, GRC platforms,risk ratings tools, data collection tools
• Ability to analyze empirical evidence and technical reports, identify root causes, recommend solutions, prioritize projects according to risk and compliance drivers, and drive technical projects through to completion.
• Familiarly with different cloud concepts and tooling including AWS, GCP
• Experience in a remote-first and distributed environment
• Someone willing to adapt to change in a fast moving environment
• Experience with cloud-native pre-IPO startup companies
• Experience with AWS security services and tooling

WHAT WE OFFER:

• The chance to work in a fast-paced start-up environment with experienced industry leaders
• A learning environment where you can dive deep into the latest technologies and make an impact
• Competitive salary and equity
• 100% paid medical and dental and 95% paid vision insurance for employees starting on your first day
• 401k (with match), commuter benefits
• Industry-leading parental leave policies
• Generous wellness reimbursement and weekly onsite programs
• Flexible vacation policy – work with your manager to take time off when you need it
• Employee giving match
• Modern office in San Francisco’s Financial District
• Fully-stocked kitchen with organic snacks, beverages, and coffee drinks
• Weekly company meeting – ask me anything style discussion with our Leadership Team
• Team outings to sports games, happy hours, game nights and more!