About the Role
Abnormal Security is looking for a Senior GRC Analyst (Governance, Risk, and Compliance) to join the Security & Privacy team. The Security & Privacy team owns the information and cybersecurity program for the company, including IT, Security Operations, GRC, Privacy, and Customer Trust. The GRC team aims to facilitate information security and data governance processes, enable risk-based decision-making, and deliver a compliance foundation to achieve and maintain compliance certifications.
This role will support the execution of the GRC program. The role will be focused on evaluating technology controls, performing audit readiness, leading external audits, and acting as a compliance domain advisor to the business. This role will also be the lead for Issues Management to drive remediation of issues across the company that are identified through the GRC programs. In addition, this role will support governance and risk management activities such as policy management/operations and risk operations.
The ideal candidate will have the mindset of an auditor with keen attention to detail, possess exceptional skills in project management, be a good communicator who excels at explaining complex technology to diverse audiences in a way that fosters understanding and ownership, have strong collaboration and business sense, and have an adept awareness of our customers’ requirements of Abnormal as a leading cybersecurity SaaS provider.
Who you are
- Proven security experience in an audit or advisory capacity
- Analytical thinker who exercises good business judgment
- Confidence and willingness to ask questions and raise issues and concerns in a timely manner
- High attention to detail, process, and organization, with strong project management skills to ensure accountability and results
- Strong communication skills with the ability to quickly build rapport with internal and external stakeholders, including auditors; demonstrated experience presenting technical concepts to diverse audiences
- Proficient in managing results and achievements, even when faced with ambiguity or competing approaches regarding the best path to success
- Ability to adapt to change, including evolving business and technical environments, and to manage multiple priorities while meeting deadlines in a fast-paced environment
- Team player with a collaborative work style
- Self-motivated and able to work efficiently with minimal oversight/direction
What you will do
- Keep abreast of regulatory and industry developments and advise leadership on the potential impact on the program strategy and plans.
- Ensure program activities align with strategy and manage the timely and high-quality execution of GRC landmarks.
- Drive internal control effectiveness through crafting the control matrix, rigorous internal control monitoring, implementing control enhancements, and providing thought leadership on control design, operations, and supporting processes and policies.
- Perform compliance readiness assessments and provide updates, recommendations, and a roadmap to senior management, both within Security and to our business partners.
- Develop the audit plan in partnership with leadership and lead internal and external audit engagements according to plan, supervising the work of external auditors and internal audit contractors and working with relevant control owners to minimize disruption while completing the efforts successfully and in a timely manner.
- Advise, educate, and train process and control owners on the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices) so that they better understand the security controls framework and their responsibilities.
- Recommend, develop, and manage the company’s risk register, including the definition of and reporting on key risk indicators (KRIs) and key performance indicators (KPIs).
- Conduct regular risk assessments and work with relevant departments to identify, evaluate, and mitigate risks across the organization.
- Define, develop, and implement capabilities to manage third-party cybersecurity risks.
- Manage review, testing, and improvements to business continuity plans.
- Advise, educate, and train risk owners on the identification, assessment, mitigation, and monitoring of risks so that they better understand the risk management process and their responsibilities.
- Maintain the policy repository and support effective policy communication.
- Proactively identify gaps or conflicts in existing policies and processes and work to develop solutions with internal business partners.
- Advise policy owners on the preparation, communication, and ongoing maintenance of policies so that they better understand policy management and their responsibilities.
- Define, develop, and implement capabilities to govern data handling.
- Advise data owners on data classification, labeling, retention, and deletion requirements so that they better understand data governance and their responsibilities.
- Drive remediation and risk mitigation activities, also known as issues management, including root cause analysis and owning the design, tracking, and progress of action plans across compliance, policy, or process gap remediation activities and risk mitigation activities in partnership with internal business partners.
- Design and manage program operations to support the program goals, and implement and maintain technology to support the program and its operations.
- Engage in ad-hoc projects as required.
- Maintain regular, clear communication with project teams, key partners, and management regarding the status of controls testing, audit progress, risk assessment progress, and progress of issues management.
- Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to senior management, both within Security and to our business partners.
Must Haves
- 5+ years of experience in cyber security, technology risk, GRC, and/or technical compliance roles, with at least 3 years focused on ISO 27001 implementation and maintenance
- Demonstrated experience leading at least two successful ISO 27001 certification cycles (including the 2022 revision of ISO 27001) from start to finish
- Proven project management experience, including:
  - Managing multiple concurrent compliance projects with competing deadlines
  - Leading cross-functional teams across technical and business units
  - Experience with project management methodologies (Agile, Waterfall) and tools (ServiceNow, etc.)
  - Track record of delivering complex compliance projects on time and within scope
- Strong understanding of security concepts and their practical usage, including:
  - Information Security Management System (ISMS) implementation and maintenance
  - Control mapping across multiple frameworks
  - Continuous control monitoring and automation
- Experience implementing and managing compliance programs aligned with ISO 27001 and ISO 27701, including:
  - Development and maintenance of the Statement of Applicability
  - Risk treatment plans and risk acceptance criteria
  - Internal audit programs
  - Management review processes
- Proven track record of working with external auditors, including internal stakeholder management
- Experience with audit automation and continuous control monitoring tools
- Proven ability to manage multiple stakeholders and vendors while maintaining project momentum
Nice to Have
- Bachelor’s degree or equivalent military experience
- ISO 27001 Lead Auditor Certification
- CRISC, CISSP, CPA, CISA, PMP, CISM certification(s)
- Experience with NIST CSF, NIST SP 800-53 / 171 or other control frameworks
- Experience, preferably at a technology or SaaS / Cloud company and/or a regulated public company
- 2+ years of Big 4 experience
At Abnormal Security certain roles are eligible for a bonus, restricted stock units (RSUs), and benefits. Individual compensation packages are based on factors unique to each candidate, including their skills, experience, qualifications and other job-related reasons. We know that benefits are also an important piece of your total compensation package. Learn more about our Compensation and Equity Philosophy on our Benefits & Perks page.
Base salary range:
$127,100—$149,500 USD