Quality isn’t just a goal. It’s the whole point.

Our customers are under a lot of pressure to deliver great software. But to compress lifecycles, add features, and compete in a world where ‘every company is now a software company’ is hard. And one mistake can mean their reputation, even future. That’s why it’s our mission to help. At any part of their software development lifecycle (SDLC), we provide the tools and discipline to focus on quality while streamlining their processes. So our customers can create and deploy software that works as designed – especially when it’s needed most. And we’re looking for people to join us.

Governance, Risk and Compliance (GRC) Analyst

• Ensures regulatory compliance enterprise wide
• Has a full grasp of information security, cyber security, and privacy issues and awareness of regulated data environments
• Supports and is involved in communication around internal and external audit
• Creates policies and controls to ensure compliance

As an integral member of the Information Security team, reporting to the Director of Information Security, the responsibility of the GRC Analyst is to help support the day-to-day assurance operations related to policy compliance, process and organizational policies and security requirements governance, as well as risk management functions. You will be responsible for the collection and management of data from multiple systems to allow for proper reporting of the Information Security program effectiveness through risk analysis and trends. The ideal candidate will have knowledge of risk management, security and privacy practices and be an effective communicator, both written and verbal.

You will engage business personnel to ensure all requisite data and information is complete, accurate, and consistently delivered. You will use your experience and knowledge of security in working with a team to deliver on Governance, Risk and Compliance goals related to developing the complete perspective for operational and management visibility of overall compliance to the Information Security program, policies, and practices. You will be expected to establish and foster relationships with the various areas of the business to build rapport and be viewed as a trusted partner to help teams deliver on their commitment of compliance with security and privacy policies and regulations.

What you will be responsible for:

• Implement the enterprise-wide strategy and key initiatives/projects focused on the reduction of technology risk, governance and compliance to policies and external regulatory compliance
• Assist in the execution of departmental plans, including business, production and/or organizational priorities and contribute to the Governance, Risk and Compliance functional strategy
• Work with IT and business teams to perform security and compliance assessments on new and existing systems, processes, and technology
• Collaborate to define Information Security requirements and develop / update associated policies
• Support internal and external audit processes for relevant compliance concerns
• Participate in disaster recovery and business continuity planning and exercises, as appropriate
• Perform periodic gap assessments to validate compliance on an ongoing basis
• Tactically operate the systems for: risk register management, vendor and software risk assessments, incident-related risk logging and mitigation, data subject access request workflows and management, management for the configuration of cookie compliance, enterprise policy management, and data mapping
• Assist with the education and awareness programs to promote and foster the delivery of systems and services with security and privacy controls built-in.

Qualifications:

• 3+ years of relevant experience in the Information Security field with experience in the GRC area
• Experience with information security ISMS such as NIST CSF and ISO27001, and CIS controls beneficial
• Possess strong of comprehension of security and risk
• Knowledge and experience with SOC2 and the Trust Service Criteria beneficial
• Familiarity with eGRC tools
• Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments
• Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.)
• Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)

Education and Certification Requirements:

• Bachelor’s degree in Information Systems, Cybersecurity, or a related field
• GRC related certifications are preferred: GRCP, GRCA
• Privacy and risk related certifications are beneficial: CIPP, CIPT, CIPM, CERA, CRM

About SmartBear At SmartBear, we focus on your one priority that never changes: quality. We know delivering quality software over and over is complicated. So our tools are built to streamline your process while seamlessly working with the products you use – and will use. Whether it’s TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of our other tools, we span from test automation, API lifecycle, collaboration, performance testing, test management, and more. Whichever you need, they’re easy to try, easy to buy, and easy to integrate. We’re used by 15 million developers, testers, and operations engineers at 24,000+ organizations – including world-renowned innovators like Adobe, JetBlue, FedEx, and Microsoft. Wherever you’re going, we’ll help you get there. Learn more at smartbear.com, or follow us on LinkedIn, Twitter, or Facebook.

SmartBear is an equal employment opportunity employer and encourages success based on our individual merits and abilities without regard to race, color, religion, gender, national origin, ancestry, mental or physical disability, marital status, military or veteran status, citizenship status, age, sexual orientation, gender identity or expression, genetic information, medical condition, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), or any other legally protected status.