Senior Security GRC Analyst
Chicago, IL, United States
At InRule Technology, we revolutionize the way organizations in more than 40 countries worldwide make mission-critical decisions by infusing cutting-edge technology into their processes. Some of the largest banks, insurance companies, healthcare organizations, and governments rely on InRule to deliver frictionless, intuitive solutions that provide the power of computing without the complexity of programming.
As part of the InRule Technology team, you'll be at the forefront of a technological revolution, helping drive adoption of our powerful AI Decisioning platform that weaves together declarative logic, non-declarative machine learning, and human-in-the-loop automation. In 2023, Forrester named InRule a Leader in The Forrester Wave™: AI Decisioning Platforms.
Reporting to the VP, Technical Operations, the Senior Security GRC Analyst will drive planning and execution of our global Governance, Risk, Compliance (GRC) initiatives and audits. At InRule, this is a vital role that collaborates closely with other departments to ensure compliance with regulations and industry standards.
Location: Remote (preference for Chicago, IL, or Central/Eastern Time Zone)
What you'll do...
Coordinate, conduct and function as primary contact for all internal and external audits.
Delegate control ownership to relevant participants across departments, monitor compliance status and follow up to ensure timely completion of recurring compliance requirements related to SOC2, ISO27001, GDPR, and HIPAA.
Work with the Data Protection Officer (DPO) to execute data deletion requests, maintain our privacy policy and track data sub-processors.
Conduct risk assessments and software vulnerability assessments to identify potential cybersecurity threats; document and follow up on security-related findings.
In preparation for external audits, support monitoring, evidence collection, gap assessments and reviews as needed.
Conduct periodic reviews and audits of internal policies, controls and processes; publish findings outlining successes and opportunities for improvement.
Partner with business stakeholders (such as Engineering and IT Operations management) to identify risks, propose mitigation strategies and inform on emerging security threats and trends.
Develop and maintain standard GRC documentation, such as policy and procedure documents or project plans.
Manage and document scalable processes and automation to support our growth and compliance initiatives.
Develop and assess operating effectiveness of controls.
Assist in completion of customer assurance activities, such as security questionnaires.
Perform vendor security evaluations of existing and new vendors.
What you'll bring...
5+ years of experience managing or maturing ISO27001 and/or SOC2 compliance at a software company, ideally within a high-growth Cloud/SaaS environment
Experience working with external auditors to efficiently drive an audit cycle to successful completion
Ability to identify gaps, create mitigation plans, and work with control owners to implement changes
Experience interacting with current and prospective customers to help navigate the security review process
Strong communication skills with the ability to build relationships across departments and cultures as part of a global distributed team
Experience using compliance and security tools; experience with Vanta highly desired
Excellent interpersonal, communication, and presentation skills, including findings and report writing experience
Experience completing customer security questionnaires
Ability to execute with urgency and attention to detail
Experience working with cloud technologies, preferably Azure
Relevant information security certifications (such as CISM) a strong plus