Senior Security Governance Risk & Compliance (GRC) Analyst
- Alma - Full Time
- Senior (5 to 8 years)
Candidates should have experience running multiple SOC 2 Type II audits and ISO 27001 efforts, with bonus points for having been through a FedRAMP audit. They should have experience with risk assessments, control design and testing, and remediation management, along with familiarity with GRC platforms such as Vanta and with risk assessment methodologies. A technical background or engineering experience is a plus.
The Senior GRC Analyst will immediately own the upcoming SOC 2 Type II and ISO 27001 audits; shape security policies, standards, and procedures; work daily with security engineers, legal, HR, and product teams; serve as the point of contact between auditors and Chainguardians; spot compliance and security risks; and recommend ways to streamline the compliance engine, ideally through automation and modern GRC platforms.
Supply chain risk management and audits
Chainguard specializes in managing risks in supply chains, particularly for businesses that rely on software. They conduct audits to identify risks and provide detailed reports with recommendations for improvement. Their unique offering includes a curated base container image distro, which helps businesses transition to secure software environments. Chainguard also provides supply chain observability services, allowing companies to track their software's origins and dependencies.