Senior GRC Analyst

🕒 vor 19 Tagen

Jetzt Bewerben

Ähnliche Remote-Jobs finden

E-Mails für Remote-Jobs erhalten

📊 Überprüfen Sie Ihre Lebenslauf-Bewertung für diese Stelle

Verbessern Sie Ihre Chancen auf ein Vorstellungsgespräch, indem Sie Ihre Lebenslauf-Bewertung vor der Bewerbung überprüfen.

Lebenslauf hochladen

Doppler

WebsiteLinkedInAlle Stellen

11 - 50 Mitarbeiter

Gegründet 2019

🔒 Cybersecurity

☁️ SaaS

🔌 API

💰 €20.000.000 Series A im 2022-04

Cybersecurity • SaaS • API

Doppler ist eine Cloud-Plattform, die zentrales Geheimnis-Management anbietet und es Organisationen ermöglicht, Geheimnisse und nicht-menschliche Identitäten sicher in großem Umfang zu verwalten, zu orchestrieren und zu steuern. Sie integriert sich in beliebte DevOps-Tools und CI/CD-Frameworks, um das Geheimnis-Management innerhalb des Entwicklungsworkflows zu automatisieren. Doppler bietet eine einheitliche Oberfläche, die den Bedarf an direktem Zugriff auf Cloud-Anbieter minimiert und die Sicherheit erhöht. Die Plattform bietet zudem eine nutzerbasierte Preisgestaltung und SOC 2 verifizierte Compliance, was sie ideal für Teams jeder Größe macht, um ihre DevOps-Infrastruktur sicher und effizient zu verwalten.

Beschreibung

• Maintain Doppler's SOC 2 Type II and ISO 27001 certifications end-to-end: evidence collection, control monitoring, audit coordination, and deficiency remediation • Lead the compliance work for our next certifications, including gap assessments, policy updates, and required documentation • Evaluate additional certifications and attestations on an ongoing basis as customer and market requirements evolve • Own day-to-day administration of our GRC platform (Vanta), including control mapping, evidence workflows, and audit readiness • Lead our security working group: facilitate regular risk identification sessions, policy updates, maintain the threat register, track remediation progress, and drive accountability across teams • Design and maintain security controls mapped to our chosen frameworks (SOC 2, ISO 27001, etc.), ensuring they're practical and consistently operating • Coordinate penetration testing cycles and work directly with engineering to track and close findings • Author and maintain security policies that are enforceable and grounded in regulatory requirements (GDPR, PCI, and others relevant to a secrets management provider) • Support business continuity and disaster recovery governance • Respond to security questionnaires and RFPs promptly and accurately • Participate in customer security reviews and calls; represent our compliance posture credibly to security teams, procurement, and compliance officers • Maintain public-facing trust documentation that reflects our actual program • Partner with sales on security-sensitive enterprise deals, especially in regulated industries or where compliance is a gating factor • Translate compliance status and risk posture into clear, non-jargon updates for leadership and cross-functional stakeholders • Lead security awareness and compliance training for internal teams • Influence engineering and product roadmaps where security controls intersect with product decisions

🎯 Anforderungen

• 5+ years in security, compliance, or GRC, with direct ownership of SOC 2 Type II and ISO 27001 programs in a cloud product environment where you've run audit cycles, not just supported them • Hands-on experience with Vanta (or a comparable GRC platform) and a genuine interest in automating compliance workflows rather than relying on spreadsheets • Technical fluency: you can read a pen test report, understand cloud architecture decisions, and have substantive conversations with engineers about control design and risk tradeoffs • Strong understanding of how auditors think, ideally from having been on the auditor side, or from running enough cycles that you've internalized their perspective • Familiarity with PCI DSS and GDPR requirements; experience with self-attestation or certification work is a strong plus • Experience supporting enterprise sales cycles where security is a procurement requirement, including responding to complex security questionnaires • Excellent communication skills across audiences. You can brief the CEO on risk posture and turn around and explain the same issue to an engineer in implementation terms • Relevant certifications (CISA, CISSP, CISM, CRISC, or equivalent) preferred.

🏖️ Vorteile

• Equity at an early-stage, fast-growing startup • Premium health insurance (medical, dental, vision) • Guilt Free Unlimited PTO - 3-week minimum strongly encouraged! • Upward Mobility • Learning and Development Stipend • Wealth Advisor • 401k • Pregnancy & Family Leave • Fertility & Adoption Benefits • Equal Compensation (regardless of gender or race)