Hotel Engine
Innovating business travel with a free-to-use hotel booking platform.
Staff GRC Analyst
Location: United States
Posted: 48 days ago
Salary: $126.5K - $175K / year
English, AWS, Azure, Cloud, Google Cloud Platform
Job Description
• Lead the configuration and management of GRC tools (Trust Centers, Learning Management Systems, Compliance Tracking, etc.) to ensure integration with security systems.
• Manage the main dashboard for SOC 2 reporting, ensuring accuracy and compliance.
• Develop and maintain a comprehensive risk management program and conduct risk assessments.
• Manage and conduct regular audits (weekly, monthly, quarterly, and bi-annual) across business, IT, and security processes to ensure best practices and legal compliance.
• Oversee the development and execution of security procedures across multiple domains.
• Develop, update, and maintain Contingency Planning strategies and procedures, including coordination of annual tabletop drills.
• Execute routine operational tasks related to security awareness training.
• Audit the access and compliance of third-party vendors and contractors.
• Review procurement requests for security standards and ensure all engagements meet company standards and regulatory requirements.
• Collaborate cross-functionally to identify and monitor security controls, map security controls to issues and risks, and mature the audit processes related to security controls that apply across multiple security frameworks.
Job Requirements
- Proven experience in managing GRC functions, ideally within a fast-paced, high-growth company.
- Strong understanding of ISO 27001, SOC 2, GDPR, CCPA, PCI-DSS, and SOX compliance standards.
- Excellent organizational, communication, and leadership skills.
- Ability to manage complex GRC initiatives and work across multiple teams.
- Ability to handle high-stress situations and effectively manage IT emergencies.
- Skilled in using GRC platforms and tools to manage compliance and risk management activities.
- Strong knowledge of security concepts, including risk management, identity and access management (IAM), key management, data protection, and network security.
- Track record of building security/GRC programs across various domains.
- Certifications such as CISA, CISM, CISSP, CRISC, or CCEP.
- Experience with data protection and privacy law compliance.
- Familiarity with cloud security components of platforms like AWS, GCP, or Azure.
- Excellent problem-solving, analytical, and communication skills.
- Ability to work collaboratively with cross-functional teams, including IT, engineering, and HR teams.
- A passion for mentoring others.
Benefits
- Competitive base pay tied to role and experience, with opportunities for bonuses, commissions, and equity.
- Check out our full list at engine.com/culture.