Senior Security Governance Risk & Compliance (GRC) Analyst
AlmaFull Time
Senior (5 to 8 years)
Candidates should possess deep cybersecurity, privacy, and risk management knowledge and skills, with excellent written and verbal communication abilities. Experience in collaborative projects, particularly within modern cloud-based SaaS organizations like AWS control environments, is essential. A strong familiarity with security standards such as SOC 2, ISO 27001, ISO 27701, and FedRAMP, as well as privacy laws like CCPA and GDPR, is required. Relevant certifications such as CCSP, PCI QSA, CISSP, or CISA/CISM are preferred. Familiarity with collaboration tools like Confluence, Slack, and Github is also beneficial.
The Lead Security Analyst will collaborate with stakeholders to design and operate security controls for the GRC program, utilizing technology to automate compliance activities and evidence gathering. This role involves operationalizing program health and maturity by tracking metrics, driving continuous improvement projects related to GRC, and contributing to the documentation of security standards, policies, and processes. Additionally, the analyst will support audits and assessments, and work with product and infrastructure teams on engineering projects addressing GRC requirements.
Feature management platform for software developers
LaunchDarkly provides a platform for developers to manage and automate software features. Its main product is a feature management platform that allows developers to control software features, enabling safe code shipping, self-serve experimentation, personalized user experiences, and improved reliability of applications. This platform allows developers to revert feature behaviors without code changes, enhancing productivity. LaunchDarkly operates on a subscription model, charging clients for access to its services. The platform helps clients innovate quickly, automate software releases, reduce delivery costs, and maximize the impact of software features. The goal is to improve software development processes for a diverse range of clients in the DevOps market.