Chainguard

Senior GRC Analyst

United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Information Security, Software Supply Chain Security

Position Overview

  • Location Type: [Not specified]
  • Job Type: [Not specified]
  • Salary: $120,000 - $135,000 USD

This is an opportunity for a GRC-focused Security Engineer to own and scale Chainguard's compliance program. You will shape security policies, standards, and procedures, and build foundational GRC functions and processes. The role involves working with various teams, acting as the liaison during audits, identifying and mitigating risks, and recommending improvements to the compliance engine, potentially through automation and GRC platforms.

Requirements

  • Proven experience running multiple SOC 2 Type II audits and ISO 27001 efforts.
  • Bonus: Experience with FedRAMP audits.
  • Experience with risk assessments, control design and testing, and remediation management.
  • Familiarity with GRC platforms (e.g., Vanta) and risk assessment methodologies.
  • Ability to automate compliance processes.
  • Strong project management skills with the ability to manage competing priorities.
  • Excellent communication skills, capable of explaining audit findings to both executives and engineers.
  • Bonus: Technical background or engineering experience.

Responsibilities

  • Own and manage upcoming SOC 2 Type II and ISO 27001 audits.
  • Shape and develop security policies, standards, and procedures.
  • Build and refine GRC functions and processes.
  • Serve as the primary point of contact for auditors, translating technical and audit-related information.
  • Identify, assess, and mitigate compliance and security risks.
  • Recommend and implement improvements to streamline the compliance engine, leveraging automation and GRC platforms.
  • Collaborate daily with security engineers, legal, HR, and product teams.

Company Information

About Chainguard: Chainguard is dedicated to providing a secure foundation for software development and deployment. They offer guarded open-source software, built from source and continuously updated, to help organizations eliminate threats in their software supply chains. Founded by leading experts in open-source software, security, and cloud-native development, Chainguard has developed the largest library of secure-by-default open-source software. Their mission is to be the safe source for open source.

Company Values:

  • Customer Obsessed: Focus on delivering valuable solutions that improve customers' lives.
  • Bias for Intentional Action: Prioritize, plan, experiment, and fail fast.
  • Don't Take Ourselves Too Seriously (But Do Serious Work): Solve important problems with a balance of seriousness and levity.
  • Challenge the Status Quo: Encourage rethinking assumptions and inventing better ways forward.
  • Win Together: Emphasize collective success over individual heroism.
  • Work with Trust and Humor: Foster an enjoyable work environment where good work happens.
  • Supportive, Tight-knit Team: Offer activities and a collaborative atmosphere.

Skills

SOC 2 Type II
ISO 27001
GRC
Security Policies
Risk Assessment
Audit Management
Automation
Compliance Frameworks

Chainguard

Supply chain risk management and audits

About Chainguard

Chainguard specializes in managing risks in supply chains, particularly for businesses that rely on software. They conduct audits to identify risks and provide detailed reports with recommendations for improvement. Their unique offering includes a curated base container image distro, which helps businesses transition to secure software environments. Chainguard also provides supply chain observability services, allowing companies to track their software's origins and dependencies.

Headquarters: Kirkland, Washington
Year Founded: 2021
Total Funding: $249M
Company Stage: Series C
Industries: Data & Analytics, Cybersecurity
Employees: 201-500

Benefits

Equity/stock options
Unlimited Paid Time Off
Remote Work Options
Home Office Stipend
Health Insurance
Wellness Program

Risks

Increased competition from other cybersecurity startups in the Seattle area.
Potential overvaluation risk with Chainguard's rapid valuation increase to $1.12 billion.
Rapid product expansion may lead to execution challenges for Chainguard.

Differentiation

Chainguard Images have 97.6% fewer vulnerabilities than industry alternatives.
The company offers a curated base container image distro for secure software supply chains.
Chainguard provides detailed audits and reports for supply chain risk management.

Upsides

Chainguard raised $140 million in Series C funding, boosting its growth potential.
Increased demand for secure container images aligns with Chainguard's core offerings.
Rising adoption of AI frameworks supports Chainguard's new CPU/GPU containers.
