Senior GRC Analyst

🕒 il y a 1 mois

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

Doppler

Site WebLinkedInTous les Emplois

11 - 50 employés

Fondée en 2019

🔒 Cybersecurity

☁️ SaaS

🔌 API

💰 €20 000 000 Series A en 2022-04

Cybersecurity • SaaS • API

Doppler est une plateforme cloud qui offre une gestion centralisée des secrets, permettant aux organisations de gérer, orchestrer et gouverner en toute sécurité les secrets et les identités non humaines à grande échelle. Elle s'intègre avec les outils DevOps populaires et les frameworks CI/CD pour automatiser la gestion des secrets au sein du flux de travail de développement. Doppler fournit une interface unifiée qui minimise le besoin d'accès direct au fournisseur de cloud et renforce la sécurité. La plateforme propose également une tarification basée sur les utilisateurs et une conformité vérifiée SOC 2, ce qui la rend idéale pour les équipes de toute taille pour gérer leur infrastructure DevOps de manière sécurisée et efficace.

Description

• Maintain Doppler's SOC 2 Type II and ISO 27001 certifications end-to-end: evidence collection, control monitoring, audit coordination, and deficiency remediation • Lead the compliance work for our next certifications, including gap assessments, policy updates, and required documentation • Evaluate additional certifications and attestations on an ongoing basis as customer and market requirements evolve • Own day-to-day administration of our GRC platform (Vanta), including control mapping, evidence workflows, and audit readiness • Lead our security working group: facilitate regular risk identification sessions, policy updates, maintain the threat register, track remediation progress, and drive accountability across teams • Design and maintain security controls mapped to our chosen frameworks (SOC 2, ISO 27001, etc.), ensuring they're practical and consistently operating • Coordinate penetration testing cycles and work directly with engineering to track and close findings • Author and maintain security policies that are enforceable and grounded in regulatory requirements (GDPR, PCI, and others relevant to a secrets management provider) • Support business continuity and disaster recovery governance • Respond to security questionnaires and RFPs promptly and accurately • Participate in customer security reviews and calls; represent our compliance posture credibly to security teams, procurement, and compliance officers • Maintain public-facing trust documentation that reflects our actual program • Partner with sales on security-sensitive enterprise deals, especially in regulated industries or where compliance is a gating factor • Translate compliance status and risk posture into clear, non-jargon updates for leadership and cross-functional stakeholders • Lead security awareness and compliance training for internal teams • Influence engineering and product roadmaps where security controls intersect with product decisions

🎯 Exigences

• 5+ years in security, compliance, or GRC, with direct ownership of SOC 2 Type II and ISO 27001 programs in a cloud product environment where you've run audit cycles, not just supported them • Hands-on experience with Vanta (or a comparable GRC platform) and a genuine interest in automating compliance workflows rather than relying on spreadsheets • Technical fluency: you can read a pen test report, understand cloud architecture decisions, and have substantive conversations with engineers about control design and risk tradeoffs • Strong understanding of how auditors think, ideally from having been on the auditor side, or from running enough cycles that you've internalized their perspective • Familiarity with PCI DSS and GDPR requirements; experience with self-attestation or certification work is a strong plus • Experience supporting enterprise sales cycles where security is a procurement requirement, including responding to complex security questionnaires • Excellent communication skills across audiences. You can brief the CEO on risk posture and turn around and explain the same issue to an engineer in implementation terms • Relevant certifications (CISA, CISSP, CISM, CRISC, or equivalent) preferred.

🏖️ Avantages

• Equity at an early-stage, fast-growing startup • Premium health insurance (medical, dental, vision) • Guilt Free Unlimited PTO - 3-week minimum strongly encouraged! • Upward Mobility • Learning and Development Stipend • Wealth Advisor • 401k • Pregnancy & Family Leave • Fertility & Adoption Benefits • Equal Compensation (regardless of gender or race)