Security Governance, Risk & Compliance Analyst

Job Description: • Manage and implement complex controls frameworks for large systems, consisting of Cloud infrastructure and Software as a Service (SaaS) services (GCP, AWS, GitHub, Okta, etc). • Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS services. • Conduct risk assessments across business units and processes. Identify risk findings and recommend remediation and risk mitigation strategies. • Assist or implement automated controls to support risk mitigation efforts across various business units with stakeholders. • Incorporate CMMC certification into Virtru’s slate of compliance assessments and ongoing monitoring activities (FedRAMP, SOC 2, PCI). • Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners. • Participate in incident response (IR) activities, providing risk analysis and remediation support as needed. • Enhance the team with your individualism, spirit, and love of learning. Requirements: • Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC Analyst/Engineer experience • Deep understanding of at least few of the following: CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy compliance frameworks • Technical acumen. Strong understanding of modern cloud technologies (AWS, GCP, Azure, etc.) and familiarity with GRC tools (Hyperproof, Vanta, Drata, etc) and SIEM tools (Datadog, Splunk) • You’re a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization • Have experience training and coaching teams to become better security and privacy practitioners • Like working on an autonomous agile team. At Virtru, you will have ownership of security, but you'll collaborate with everyone to make sure we produce and implement the right solutions • Ability to resolve conflicts and drive issues to completion. • Work independently with little or no supervision while maintaining a high level of efficiency. • Hands on experience deploying and managing vulnerability scanning/cloud security posture management tools (Wiz, Prismacloud, etc.) to meet security compliance requirements • Real-world IR experience participating on security On-Call teams • Basic knowledge of scripting languages like Bash, Python, or Javascript to automate manual tasks • Familiarity with GitOps and Infrastructure-as-Code concepts Benefits: • A Flexible PTO policy — we strongly encourage you to take time off (in addition to 14 holidays) to ensure that you are getting the proper time needed to unplug and recharge. • A $1,500 annual Learning & Development Stipend focused on providing you the resources to continually learn and professionally grow. • Frequent company-sponsored team celebrations that provide ample opportunities to connect with teammates and be social! • Access to an Employee Assistance Program • Access to Headspace, a mental health app tailored to your specific needs. • A flat 3% contribution to your retirement account • A high degree of flexibility — Have an appointment, errand, or family emergency to take care of? Hop to it! We give you the time and space to take care of you and your own first. • Competitive compensation • Generous parental, medical, and bereavement policies • 401K contribution and stock options • Full medical, dental, and vision benefits • New Hire Swag and IT Welcome boxes • Structured semi-annual 360° performance reviews Apply tot his job