As a Governance, Risk, and Compliance (GRC) analyst at Cloudbeds, you will assist our growing Security team to further develop and manage our Governance, Risk, and Compliance program. We’re looking for a self-driven, motivated person who understands the intricacies of Software as a Service (SaaS) companies as well as the risks, regulations, frameworks, and business practices that come along with being a SaaS provider. You will use this knowledge to help Cloudbeds continue developing and implementing an effective, compliant, secure, and business-driven GRC program.
You will serve as a partner to our business and technical teams, helping identify, manage, communicate, and mitigate risks. You will develop the appropriate policies, processes, and controls to ensure Cloudbeds meets all applicable security and compliance requirements, and help execute and manage third-party certification processes (such as PCI, GDPR, SOC 2, etc.) across our company.
You will also be responsible for supporting any internal or external audits, performing vendor due diligence, responding to security assessments, and performing audits and risk management of key Cloudbeds third parties.
As a GRC Analyst at Cloudbeds, you will play an important role in our delivery of an exceptional experience to our customers all around the world with governance, risk, compliance, and security at top of mind.
What You Will Do:
• Work directly with our security, IT, product, and engineering teams to continue building and growing a Governance, Risk, and Compliance practice and Enterprise Risk Management program at Cloudbeds
• Provide subject matter expertise, understanding Cloudbeds’ unique SaaS business model and creating necessary policies, procedures, and controls
• Assist with the implementation, upkeep, maintenance and support of a Governance, Risk, and Compliance program and tooling/software to track, manage, and report on GRC to key stakeholders and executives
• Serve as an internal IT auditor to Cloudbeds, understanding our controls and ensuring they are operating effectively.
• Serve as a point person for any internal or external audits, customer assessments, etc.
• Assist in performing vendor due diligence, security assessments, etc.
• Assist in building a third-party risk management program
• Have direct impact on Security culture at Cloudbeds by driving and facilitating internal Security trainings throughout the year
• Serve as an escalation point for our Customer Service and Success teams when it comes to questions related to Security and best practices.
• Maintain an understanding of the latest risk and compliance landscape, and implement new controls, best practices, etc. to mitigate any concerns
• Act as a first responder for security-related incidents.
You’ll Succeed With:
• Bachelor’s degree in a relevant field.
• 2+ years of experience as a GRC Analyst
• 5+ years of experience in information security, risk, and/or compliance
• Strong experience with designing, developing, implementing and/or customizing Governance, Risk, and Compliance programs, especially at SaaS companies
• Strong knowledge of and experience with related Governance, Risk, and Compliance frameworks (PCI, GDPR, CCPA, SOC, ISO 27001, NIST CSF, etc.) and compliance crosswalk frameworks (SCF, UCF, etc.)
• Experience working within a Software as a Service (SaaS) company
• Experience developing information security and compliance related policies, procedures,
• Experience with Governance, Risk, and Compliance related tools (such as Tugboat Logic, Hyperproof, MetricStream, LogicGate, ZenGRC, Eramba, etc.)
• Exceptional written and verbal communication in English.
• Ability to work remotely and manage your own time in a global team.
• Ability to communicate effectively asynchronously (Slack) and drive stakeholder engagement
• Willingness to learn and think outside the box
Nice to Haves:
• Applicable Governance, Risk, and Compliance and/or Information Security related certifications (CRISC, CISA, CISM, CISSP, Security+, etc.)
• Experience with and relevant knowledge of Cloud technologies (Amazon Web Services [AWS] preferred)
• General understanding of software development practices and associated tools such as, but not limited to, code repositories (GitHub/Bitbucket), JIRA, and DevSecOps principles/tooling (Snyk, JupiterOne, Veracode)
• Relevant knowledge of network engineering and systems engineering