Governance, Risk And Compliance Analyst

Description

Siteimprove is growing and so is our Security function. We are on a journey to establishing a distributed architecture, scaling our world-class hybrid cloud, both vertically and horizontally, and want to strengthen the Security Governance, Risk, and Compliance (GRC) team with a GRC Analyst. As a GRC Analyst at Siteimprove, you will be part of the central Security team, reporting directly to the GRC Team Lead NA. With day-to-day support from your manager and the other Security GRC team members, you will be working across all business units to support customer engagement, develop customer security reference materials and complete vendor security reviews.

What you will be doing

• Responding to requests from customers for information on our security measures
• Reviewing security clauses in customer and vendor contracts
• Supporting the business with customer engagements, including attending customer calls and

supporting our sales teams

• Maintaining security customer question and answer database
• Coordinating responses to customers (monthly/quarterly updates) as required by contract
• Producing and maintaining customer security reference materials
• Completing vendor security reviews
• Coordinating audit responses and evidence with key stakeholders
• Providing, reviewing and enhancing security training and awareness programmes
• Maintaining elements of Siteimprove s information security management system (ISMS),

including customer friendly security overviews

• Supporting maintaining and obtaining of certifications such as ISO 27001, FedRAMP etc.
• Producing internal security reports including gathering key statistics
• Performing other related duties as assigned

What we require of you

• Fluent in English, both verbally and written
• Proficient in using Microsoft core products, such as Word and PowerPoint
• Understanding of information security principles such as CIA, need to know and least privilege
• Awareness of the legal and regulatory security requirements
• Flexible and collaborative approach to enabling and supporting the business
• Stakeholder and relationship management skills

What we will love about you

• Degree, apprenticeship or equivalent
• Knowledge of cyber security frameworks such as ISO2700 and NIST
• You thrive working in a fast-moving, agile environment with both technical and non-technical stakeholders
• Hands-on, pragmatic and with an eye for detail
• Desire and drive to make a difference in our security culture

In addition, we hope you will appreciate:

• Rest and relaxation: Open Paid Time Off (OPTO) program for vacation, personal illness, mental health, or to care for a family member, 11 paid holidays, and two Give Back Days
• Comprehensive benefits: National medical plan, dental, vision, paid maternity leave, paid paternity leave, HSA, Flex, employer-sponsored short-term, long-term disability, discounts to volunteer plans to meet your family needs, and more!
• Prepare for the future: 401(k) with a company match to provide a better future in your retirement years.

USD 43,198-53,998 per-year-salary

The pay for the successful candidate will depend on various factors, including work location, relevant knowledge, skills, qualifications, and experience.

Siteimprove is an equal opportunity employer

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.

Siteimprove is a global corporation that has developed data practices to ensure your personally identifiable information is appropriately protected. Please note that personal information may be transferred, accessed, and stored globally as necessary for the uses and disclosures stated in accordance with our Privacy Policy at https://siteimprove.com/en/privacy/.