Dopple

Senior GRC Analyst

Canada

Compensation: $120,000 – $140,000
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Biotechnology, Cybersecurity, AI

Requirements

Candidates must have 5-7+ years of experience in GRC, audit, or risk management. A minimum of 3 years leading ISO 27001 certification/surveillance cycles and SOC 2 Type II audits is required, with hands-on experience in ISO 27701 and ISO 42001 or equivalent AI governance programs. Proven ownership of SOC 2 programs, continuous compliance in cloud-first environments, and strong command of management systems, Trust Services Criteria, control testing, sampling, and evidence sufficiency are essential. Practical experience with access certifications, vendor risk reviews, and customer security questionnaires/RFPs at scale is necessary, along with familiarity with privacy and data governance frameworks and secure SDLC/change management. Proficiency with GRC tooling, automation, ticketing, collaboration workflows, and basic scripting/querying for evidence retrieval is also required. Candidates should be clear communicators capable of instilling a culture of accountability.

Responsibilities

The Senior GRC Analyst will lead certification and assurance programs, owning SOC 2 end-to-end and driving ISO 27001, ISO 27701, and ISO 42001 audit preparation and ongoing maintenance. Responsibilities include leading audits and certifications, managing enterprise risk through operating the security and enterprise risk program, ensuring control effectiveness through design and execution of control testing, and overseeing access governance by leading periodic access reviews. The role also involves driving vendor and third-party risk management through due diligence and risk tiering, supporting customer trust by owning security and privacy questionnaires, advancing governance and privacy through policy lifecycle management, and enhancing resilience and reporting by supporting incident response exercises and delivering relevant dashboards and metrics.

Skills

GRC
SOC 2
ISO 27001
ISO 27701
ISO 42001
NIST
GDPR
CPRA
PCI
HIPAA
HITRUST
Risk Management
Control Testing
Access Governance
Vendor Risk Management
Third-Party Risk Management
Audit Preparation
Compliance

Dopple

Subscription service for custom children's clothing

About Dopple

Dopple is a subscription service that curates custom wardrobes for children, focusing on providing unique and stylish clothing options. The service operates by delivering regular shipments of clothing tailored to the individual tastes and needs of each child, based on information provided by parents and data collected from their interactions with the service. This personalized approach makes shopping exciting, as each delivery offers a surprise element. Dopple partners with a variety of brands, including both well-known names and emerging designers, to ensure a diverse selection of high-quality clothing. Unlike many competitors, Dopple emphasizes a community experience through their "dopplegang," fostering customer engagement and loyalty. The company's goal is to enhance the shopping experience for parents while providing children with fashionable clothing, with plans to expand internationally in the future.

Headquarters: Raleigh, North Carolina
Year Founded: 2018
Total Funding: $9.5M
Company Stage: SEED
Industries: Consumer Goods
Employees: 11-50

Benefits

Competitive salary and equity grants
Medical, dental & vision insurance
Paid time off & work from home flexibility (during and after COVID-19)
Free Dopple subscription and significant employee discounts
Learning and development programs, including education reimbursement

Risks

Increased competition from new subscription services may dilute Dopple's customer base.
Rising costs of premium brands could lead to higher subscription fees.
International expansion may face regulatory challenges and increased operational costs.

Differentiation

Dopple offers personalized children's clothing through a unique subscription model.
The company partners with over 200 brands, including Stella McCartney Kids and Versace.
Dopple uses machine learning to tailor clothing selections to individual tastes.

Upsides

Growing demand for sustainable children's clothing boosts Dopple's market potential.
AI-driven personalization enhances customer experience and engagement for Dopple.
U.S. children's clothing market growth supports Dopple's expansion plans.
