Senior Analyst, Governance, Risk and Compliance (Denver, Los Angeles and/or Indiana)
Company: Formstack LLC
Location: Los Angeles
Posted on: October 19, 2024
Job Description:
Who You Are:The Senior Analyst, Governance, Risk, and Compliance
(GRC) is a key member of the Information Security team responsible
for managing, monitoring, and advancing Formstack's compliance with
various security and privacy regulations and frameworks. This
individual will play a pivotal role in ensuring that Formstack's
operations, products, and services are compliant with industry
standards while helping to mitigate risks and support governance
initiatives.What You Will Do:
- Lead and manage Formstack's compliance initiatives related to
regulations such as HIPAA, SOC 2, GDPR, ISO 27001, PCI-DSS, CCPA,
and others.
- Collaborate with internal teams (product, legal, IT, and
engineering) to develop, implement, and maintain Formstack's
security policies, controls, and procedures.
- Perform risk assessments and conduct security audits across
departments to ensure compliance with regulatory and industry
standards.
- Assist in the preparation and facilitation of external audits
and certifications (e.g., SOC 2 audits, ISO 27001 certification
processes).
- Maintain and enhance Formstack's risk management framework,
including the identification, assessment, and mitigation of
operational, legal, and regulatory risks.
- Monitor security compliance trends, changes in regulatory
requirements, and new compliance frameworks relevant to Formstack's
operations.
- Develop, maintain, and update internal documentation, including
security policies, standards, and guidelines, to ensure they
reflect current regulatory requirements and best practices.
- Manage the vendor risk management program, including the review
and monitoring of vendor compliance with Formstack's security
standards.
- Support security awareness training programs across the
organization to ensure that all employees are knowledgeable about
GRC policies.
- Provide guidance on governance initiatives and best practices
to help improve organizational alignment with compliance and risk
management standards.
- Ensure incident response plans and business continuity plans
are up to date and regularly tested through internal
tabletops.
- Collaborate on data privacy initiatives and ensure that
Formstack's practices align with privacy regulations like GDPR and
CCPA.
- Act as a liaison between external regulatory bodies, auditors,
and internal teams.What We Are Looking For:
- 5+ years of experience in Governance, Risk, and Compliance
(GRC) or a related field, ideally within a SaaS, technology, or
healthcare-related environment.
- Strong knowledge of industry standards and frameworks,
including NIST, SOC 2, or ISO 27001.
- Demonstrated experience conducting risk assessments, security
audits, and managing compliance projects.
- Hands-on experience with cloud security and compliance in
environments like AWS.
- Strong understanding of cybersecurity principles.
- Experience with third-party vendor risk management and
compliance monitoring.
- Excellent written and verbal communication skills, with the
ability to translate complex regulatory requirements into
actionable guidance.
- Ability to work cross-functionally with legal, IT, and
engineering teams.
- Strong organizational skills, attention to detail, and the
ability to manage multiple projects in a fast-paced
environment.Bonus Points:
- Bachelor's degree in a relevant field (e.g., Information
Security, IT, Business, Law, Engineering).
- Certifications such as CISSP, CISA, CISM, or CRISC.
- Familiarity with frameworks such as COBIT or ISO 31000.
- Experience in the technology or SaaS industry, with a focus on
product compliance.
- Knowledge of secure software development practices and
DevSecOps.
- Experience working in an agile or DevOps environment.Salary:
$140,000 - $180,000 a year
#J-18808-Ljbffr
Keywords: Formstack LLC, Rialto , Senior Analyst, Governance, Risk and Compliance (Denver, Los Angeles and/or Indiana), Professions , Los Angeles, California
Didn't find what you're looking for? Search again!
Loading more jobs...