Senior GRC Analyst

🕒 May 23

🇺🇸 United States – Remote (USA)

💵 $150,000 - $185,000 / year

⏰ Full Time

🟠 Senior

🚔 Compliance

🗣️🇺🇸🇬🇧 English required


Doppler

11 - 50 employees

Founded in 2019

🔒 Cybersecurity

☁️ SaaS

🔌 API

💰 $20,000,000 Series A in 2022-04

Cybersecurity • SaaS • API

Doppler is a cloud platform that provides centralized secrets management, enabling organizations to securely manage, orchestrate, and administer secrets and non-human identities at scale. It integrates with popular DevOps tools and CI/CD frameworks to automate secrets management within the development workflow. Doppler provides a unified interface that minimizes the need for direct cloud provider access and improves security. The platform also features user-based pricing and verified SOC 2 compliance, making it ideal for teams of any size to manage their DevOps infrastructure securely and efficiently.

Description

• Maintain Doppler's SOC 2 Type II and ISO 27001 certifications end-to-end: evidence collection, control monitoring, audit coordination, and deficiency remediation
• Lead the compliance work for our next certifications, including gap assessments, policy updates, and required documentation
• Evaluate additional certifications and attestations on an ongoing basis as customer and market requirements evolve
• Own day-to-day administration of our GRC platform (Vanta), including control mapping, evidence workflows, and audit readiness
• Lead our security working group: facilitate regular risk identification sessions, policy updates, maintain the threat register, track remediation progress, and drive accountability across teams
• Design and maintain security controls mapped to our chosen frameworks (SOC 2, ISO 27001, etc.), ensuring they're practical and consistently operating
• Coordinate penetration testing cycles and work directly with engineering to track and close findings
• Author and maintain security policies that are enforceable and grounded in regulatory requirements (GDPR, PCI, and others relevant to a secrets management provider)
• Support business continuity and disaster recovery governance
• Respond to security questionnaires and RFPs promptly and accurately
• Participate in customer security reviews and calls; represent our compliance posture credibly to security teams, procurement, and compliance officers
• Maintain public-facing trust documentation that reflects our actual program
• Partner with sales on security-sensitive enterprise deals, especially in regulated industries or where compliance is a gating factor
• Translate compliance status and risk posture into clear, non-jargon updates for leadership and cross-functional stakeholders
• Lead security awareness and compliance training for internal teams
• Influence engineering and product roadmaps where security controls intersect with product decisions

🎯 Requirements

• 5+ years in security, compliance, or GRC, with direct ownership of SOC 2 Type II and ISO 27001 programs in a cloud product environment where you've run audit cycles, not just supported them
• Hands-on experience with Vanta (or a comparable GRC platform) and a genuine interest in automating compliance workflows rather than relying on spreadsheets
• Technical fluency: you can read a pen test report, understand cloud architecture decisions, and have substantive conversations with engineers about control design and risk tradeoffs
• Strong understanding of how auditors think, ideally from having been on the auditor side, or from running enough cycles that you've internalized their perspective
• Familiarity with PCI DSS and GDPR requirements; experience with self-attestation or certification work is a strong plus
• Experience supporting enterprise sales cycles where security is a procurement requirement, including responding to complex security questionnaires
• Excellent communication skills across audiences. You can brief the CEO on risk posture and turn around and explain the same issue to an engineer in implementation terms
• Relevant certifications (CISA, CISSP, CISM, CRISC, or equivalent) preferred.

🏖️ Benefits

• Equity at an early-stage, fast-growing startup
• Premium health insurance (medical, dental, vision)
• Guilt Free Unlimited PTO - 3-week minimum strongly encouraged!
• Upward Mobility
• Learning and Development Stipend
• Wealth Advisor
• 401k
• Pregnancy & Family Leave
• Fertility & Adoption Benefits
• Equal Compensation (regardless of gender or race)
