Security Analyst (GRC Specialist)

Our Story So Far
Since our founding in 2019, Pigment has become one of the fastest-growing SaaS companies in the world today. Our product, a highly efficient Enterprise Performance Management (EPM) platform, is helping companies achieve their financial goals by quickly responding to dynamic factors in their respective markets including Tech, Retail, CPG & Financial Services. 
In less than 5 years, Pigment has grown to over 450 employees across offices in New York, Toronto, London & Paris and attracted a total of $393M in investment from some of the top Venture Capital firms globally.We serve companies including Unilever, Deliveroo, Gong and Brex to name a few!
We are looking for a Governance, Risk and Compliance specialist, whose core focus will be to protect our customers' and compliance data.

Key Responsibilities

• Strategic Leadership


• Under the coordination of the CISO, participate in the definition of a multi-year, risk-driven security roadmap, design policies, processes and guidance documents driving its implementation


• Implementing the security roadmap, either autonomously or with support from other engineering teams, either in a delivery or project management capacity, depending on the project’s technical requirements.


• Establish and implement company-wide security policies and procedures covering internal IT, production platforms, facilities, and more.


• Improve and maintain the risk analysis and its mitigation planDesign and implement a comprehensive reporting framework of security indicators


• Operational Excellence


• Drive implementation of the security roadmap, leading initiatives and coordinating with engineering teams or other relevant stakeholders (legal, HR, support, customer experience


• Oversee vulnerability remediation, including triage, prioritization, and mitigation follow up.


• Oversee vendor security assessments and ensure alignment with compliance requirements, deliver security approvals in the procurement process


• Participate in the asset management program (contractors, accounts, datasets, etc.) 


• Compliance Management


• Lead certifications renewals for SOC 1, SOC 2, and contribute to acquisition of new certification (e.g., ISO 27001, ISO 27701)


• Lead planning and execution of compliance audit programs conducted both internally and externally.


• Maintain and enhance compliance programs, collaborating cross-functionally to ensure adherence.


• Coordinate with the Sales and Legal teams to understand the legislative landscape and market requirements in terms of compliance.


• Advocacy and Training


• Design and implement security awareness training programs and champion best practices across teams (onboarding training, awareness training, phishing simulations, developer trainings)

Experience & Expertise

• At least 5 years of experience on governance and compliance topics, either as Security Engineer, Security Project Manager, or compliance officer (of course, you can be way more experienced!)


• Extensive knowledge and experience with the ISO27000 series standard:  implementation experience in obtaining and maintaining is a plusSolid technical background in security engineering


• Great team spirit with a problem-solving, can-do attitude.


• Good dose of humility and the willingness to grow (no matter your seniority!).


• Fluent in English (French is not mandatory!).

Environment

• The scope of this role includes both the production environment and internal IT
• Sites in Paris, London, Toronto and NYC 
• MacOS, Windows, Linux
• GCP, Kubernetes, Terraform, Postgres, SingleStore, Vault
• Okta, Oauth, JWT, C#, .NET Core, TypeScript, React
•  Vanta (GRC), Riot (awareness), Google Workspace (office), Jumpcloud (MDM and SSO), Hibob (HRIS), Slack (IM), GitHub (VCS), CircleCI / ArgoCD (CI/CD) HackerOne (Bug Bounty program), Datadog (SIEM), 1Password (password manager)

Pigment is an equal opportunity employer. We believe diversity is a strength and fosters innovation. We are committed to enabling everyone to feel included and valued at the workplace.  All qualified applicants will receive consideration for employment without regard to age, color, family, gender identity, marital status, national origin, physical or mental disability,  sex (including pregnancy), sexual orientation, social origin, or any other characteristic protected by applicable laws. We may process your personal data in accordance with our HR Data Protection Notice.