Security Governance, Risk & Compliance Analyst

Job Description:

• Manage and implement complex controls frameworks for large systems, consisting of Cloud infrastructure and Software as a Service (SaaS) services (GCP, AWS, GitHub, Okta, etc).
• Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS services.
• Conduct risk assessments across business units and processes. Identify risk findings and recommend remediation and risk mitigation strategies.
• Assist or implement automated controls to support risk mitigation efforts across various business units with stakeholders.
• Incorporate CMMC certification into Virtru’s slate of compliance assessments and ongoing monitoring activities (FedRAMP, SOC 2, PCI).
• Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners.
• Participate in incident response (IR) activities, providing risk analysis and remediation support as needed.
• Enhance the team with your individualism, spirit, and love of learning.

Requirements:

• Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC Analyst/Engineer experience
• Deep understanding of at least few of the following: CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy compliance frameworks
• Technical acumen. Strong understanding of modern cloud technologies (AWS, GCP, Azure, etc.) and familiarity with GRC tools (Hyperproof, Vanta, Drata, etc) and SIEM tools (Datadog, Splunk)
• You’re a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization
• Have experience training and coaching teams to become better security and privacy practitioners
• Like working on an autonomous agile team. At Virtru, you will have ownership of security, but you'll collaborate with everyone to make sure we produce and implement the right solutions
• Ability to resolve conflicts and drive issues to completion.
• Work independently with little or no supervision while maintaining a high level of efficiency.
• Hands on experience deploying and managing vulnerability scanning/cloud security posture management tools (Wiz, Prismacloud, etc.) to meet security compliance requirements
• Real-world IR experience participating on security On-Call teams
• Basic knowledge of scripting languages like Bash, Python, or Javascript to automate manual tasks
• Familiarity with GitOps and Infrastructure-as-Code concepts

Benefits:

• A Flexible PTO policy — we strongly encourage you to take time off (in addition to 14 holidays) to ensure that you are getting the proper time needed to unplug and recharge.
• A $1,500 annual Learning & Development Stipend focused on providing you the resources to continually learn and professionally grow.
• Frequent company-sponsored team celebrations that provide ample opportunities to connect with teammates and be social!
• Access to an Employee Assistance Program
• Access to Headspace, a mental health app tailored to your specific needs.
• A flat 3% contribution to your retirement account
• A high degree of flexibility — Have an appointment, errand, or family emergency to take care of? Hop to it! We give you the time and space to take care of you and your own first.
• Competitive compensation
• Generous parental, medical, and bereavement policies
• 401K contribution and stock options
• Full medical, dental, and vision benefits
• New Hire Swag and IT Welcome boxes
• Structured semi-annual 360° performance reviews

Apply tot his job Apply To this Job