Senior GRC Analyst

At Serve Robotics, we’re reimagining how things move in cities. Our personable sidewalk robot is our vision for the future. It’s designed to take deliveries away from congested streets, make deliveries available to more people, and benefit local businesses.

The Serve fleet has been delighting merchants, customers, and pedestrians along the way in Los Angeles, Miami, Dallas, Atlanta and Chicago while doing commercial deliveries. We’re looking for talented individuals who will grow robotic deliveries from surprising novelty to efficient ubiquity.

We are tech industry veterans in software, hardware, and design who are pooling our skills to build the future we want to live in. We are solving real-world problems leveraging robotics, machine learning and computer vision, among other disciplines, with a mindful eye towards the end-to-end user experience. Our team is agile, diverse, and driven. We believe that the best way to solve complicated dynamic problems is collaboratively and respectfully.

As a Senior Governance, Risk, and Compliance (GRC) Analyst you will partner with Serve business and technology stakeholders to facilitate and align on security best practices. As a high-level subject matter expert in governance and risk, this position will apply technical knowledge and to assess and mitigate risks related to Serve’s financial and IT systems and business processes.

Responsibilities

• Serve as a subject matter expert on security best practices, compliance frameworks and standards such as SOX Section 404 IT General Controls, ISO 27001, GDPR, CCPA.

• Maintain security documentation including, but not limited to: information security policies and procedures, risk assessment methodology and treatment plans, privacy and business impact assessments (BIA/PIA), and compliance audit procedures.

• Manage Serve’s security awareness program platform and quarterly phishing simulation campaigns and reporting.

• Conduct periodic risk assessments of third-party vendor services and establish corrective action plans for risk mitigation.

• Support periodic IT audits for Serve critical business systems to ensure compliance with IT General control (ITGC) requirements.

• Track and manage audit findings and remediation activities to ensure timely resolution.

• Manage Serve’s compliance framework, risk and control matrix and compliance automation system of record.

• Prepare weekly reports for senior leadership on the compliance status of internal controls.

Qualifications

• Knowledge in ISO 27001/2 and SOC 2 trust principles.

• Knowledge in Information Security best practices.

• The following certifications are desired but not required: ISO/IEC 27001 Lead Implementer/Auditor, CISA, CISSP.

• Experience with participating in compliance audits in a lead or supporting role.

• Experience in preparing compliance audit workpapers such as artifact request lists, standard test cases and test plans.

• Experience with managing and supporting an Enterprise Risk Management (ERM) Lifecycle.

• Familiarity with the use of Standard Information Gathering (SIG) for Third-Party Vendor Risk Assessments.

• Experience using Atlassian Jira for team workload assignment and prioritization through Scrum or Kanban project management.

• Experience configuring, managing and providing support for GRC or IRM tools such as Archer, ZenGRC or RSAM, Vanta.

• Experience with developing compliance and security analytics/insights through Looker, PowerBI, Chartio or similar BI/analytics tooling.

• Ability to work effectively while prioritizing and juggling competing priorities in a fast-paced work environment.