Red Canary · 6 hours ago

Principal Governance Risk & Compliance Analyst

United States

Full-time

Remote

Senior Level

$130K/yr - $150K/yr

5+ years exp

Maximize your interview chances

Cyber SecurityNetwork Security

Insider Connection @Red Canary

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Lead governance, risk, and compliance initiatives.

Lead regular reviews to ensure that policies and controls are effective, while aligning them to company values and all applicable compliance requirements; identify potential improvements and manage their implementation.

Identify, design, and lead projects to automate the collection and presentation of auditing data for internal and external consumption.

Lead internal audits and risk assessments of the Red Canary environment; identify potential improvements and manage their implementation.

Schedule, prepare for, and lead annual external audits against SOC 2 Type II, ISO 27001, ISO 27701, and other standards.

Maintain security and compliance certifications; identify and manage new certification initiatives.

Lead the vendor risk management function for evaluating Red Canary’s vendors and partners to identify potential risks; identify potential improvements and manage their implementation.

Lead the response to questions and questionnaires from customers, potential customers, and partners regarding security and compliance; identify potential improvements and manage their implementation.

Support the sales team in vetting security and compliance terms in customer contracts.

Help oversee security awareness training that is both relevant and instructive.

Lead relevant and engaging business continuity and incident response exercises.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

SOC 2 Type II auditsISO 27001 auditsVendor assessmentsSecurity questionnairesRisk managementISO 27701 auditsFedRAMPCMMCCompliance frameworksCloud-native architectureAudit data automationProject management

Required

5+ years of experience with SOC 2 Type II and ISO 27001 audits.

5+ years of managing or performing security questionnaires and vendor assessments.

Experience addressing security and compliance terms in commercial contracts.

The ability to articulate and shift between various compliance and regulatory frameworks.

An understanding of the unique risks presented by cloud-native architecture and compliance and audit strategies for environments heavily reliant on SaaS.

Strong experience interacting with auditors and gaining their confidence as a source of truth.

Expertise in designing and managing strategies to identify, articulate, and mitigate risks.

Experience in designing and implementing automation to the collection and presentation of audit data.

Outstanding written and verbal communication skills.

A practical mindset that can balance compliance and business needs.

The ability to lead multiple projects simultaneously.

A patient and positive attitude.