Senior GRC Analyst

Remote (United States)


Skillable is a 100% remote and virtual tech company that’s modernizing the world of training. Come share your professional magic with highly talented, driven and fun colleagues who believe in the power of “skilling.” Experience what a true team focused on doing the right thing feels like! 

 

Our people and talent are what make us great and fun! We work together to create amazing solutions and experiences for our customers and their clients. We utilize our employees’ personal strengths to help our company grow and ensure our team is living their best, authentic life. We don’t just share our appreciation for our team members once a year with a branded mug—it’s shared on a daily basis. Our remote work environment blends the demands of work and life without the added pressure of commuting or feeling guilty about leaving early to visit the dentist. 

 

Come work with us and learn what teamwork and integrity blended with an emphasis on well-being and balance can do for your career! 


The Senior Governance, Risk and Compliance (GRC) Analyst is responsible for developing and upholding security policies, standards, and procedures that adhere to industry best practices and regulatory mandates. They will spearhead the application and enforcement of security governance frameworks. They will design and manage the implementation of automation processes to enhance trust, assurance, compliance and regulatory efforts. They will provide mentorship to team members, fostering a culture of continuous learning and growth within the security domain. 

Responsibilities

  • Oversee the implementation and enforcement of security governance frameworks (e.g., ISO 27001, NIST CSF, COBIT). 
  • Collaborate with senior leadership to define security objectives and ensure alignment with organizational goals. 
  • Design and lead implementation of automation for trust, assurance, compliance, and regulatory activities. 
  • Identify, assess, and prioritize security risks across the organization. 
  • Develop and maintain a customer-facing trust center to transparently and accurately communicate the organization's audits, security practices, certifications, and compliance efforts. 
  • Act as a point of contact for customers seeking additional information about the organization’s security and compliance programs. 
  • Respond to customer inquiries and requests for additional documentation in a timely and professional manner. 
  • Act as a liaison between technical teams, business units, and external stakeholders to address security, compliance, risk and accessibility needs. 
  • Develop risk mitigation strategies and manage the security risk register. 
  • Conduct regular risk assessments and security audits to evaluate and address vulnerabilities. 
  • Develop relationships with internal risk owners to ensure timely and appropriate response to identified risks. 
  • Provide recommendations for risk treatment and remediation efforts. 
  • Ensure compliance with applicable laws, regulations, and standards, such as GDPR, HIPAA, PCI-DSS, SOX, or other relevant frameworks. 
  • In partnership with VP of Security, lead and coordinate internal and external audits, ensuring timely and successful completion. 
  • Partner with key internal stakeholders to support and execute on security training programs to promote compliance awareness among employees. 
  • Promote awareness and adherence to accessibility standards such as WCAG (Web Content Accessibility Guidelines) in digital security measures. 
  • Design and implement organization-wide security awareness training programs to educate employees on best practices and potential threats. 
  • Monitor and measure the effectiveness of training programs and update content as needed. 
  • Collaborate with internal teams to provide accurate and timely responses to security questionnaires and other assessments required by customers, partners, and regulatory bodies that reflect the organization's security posture. 
  • Maintain a repository of responses and supporting documentation to streamline future questionnaire processes. 
  • Mentor a team of GRC professionals, fostering a culture of accountability and continuous improvement. 
  • Provide regular reports and updates to executive leadership and the board on the status of security initiatives and risks. 
  • Support and promote the company values through positive interactions with both internal and external partners and customers on a regular basis. 
  • Other strategic business initiatives or cross-functional project involvement as required. 

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, a related technical field, or equivalent years of professional experience. Master’s degree preferred. 
  • 8+ years of experience in information security, governance, risk, and compliance roles. 
  • Relevant certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor. 
  • Strong knowledge of security frameworks, regulatory requirements, risk management methodologies, and accessibility standards. 
  • Deep knowledge of industry regulations and standards (e.g., GDPR, HIPAA, CCPA, PCI-DSS) and their application to enterprise environments. 
  • Exceptional leadership, communication, and problem-solving skills. 
  • Proven ability to manage multiple priorities in a fast-paced environment. 
  • Experience with cloud security and SaaS environments preferred. 
  • Familiarity with security tools and technologies such as GRC platforms, vulnerability management, and threat intelligence systems preferred. 
  • Demonstrated ability to build strong relationships across diverse teams and stakeholders preferred. 
  • Ability to stay up-to-date with changes in the regulatory landscape and evolving risk management practices. 
  • Strong project management skills, including the ability to oversee multiple GRC-related projects simultaneously. 
  • Strong track record of driving continuous improvement and innovation within a GRC program. 
  • Ability to identify emerging risks and trends, providing strategic recommendations for continuous improvement. 
  • Strong communication skills with the ability to effectively communicate complex risk and compliance issues to stakeholders at all levels. 

Salary Range 


The base salary for this position is $130,000 - $160,000 annually. Consistent with applicable laws, compensation will be determined based on the candidate's level, relevant skills, qualifications, and experience along with requirements for the position and annual financial plans. 


Skillable is a distributed first team with employees working across the U.S., and we do not consider geography when determining compensation ranges. 


Please note that it is not typical for an individual to be hired at or near the top of the range. Skillable reserves the right to modify this compensation range at any time. 


What’s in it for You? Rewards and Perks 


We believe in providing a suite of benefits that ensure our employees know we appreciate them as people first. Skillable wants to be a company that promotes physical, emotional and all-around well-being through our benefit offerings! Subject to eligibility requirements, the Company offers comprehensive benefits including: 

  • Fully remote with a monthly stipend to pay for office services and supplies 
  • Medical (2 plan options), dental (2 plan options), vision, health savings account with generous employer contributions, healthcare spending accounts, dependent care spending accounts, EAP, group paid life insurance, group paid STD and LTD and voluntary life/AD&D insurance, accident and critical illness options. 
  • 401(k) with Company match, tuition reimbursement, healthy lifestyle reimbursements. 
  • Open PTO, Paid holidays, bereavement leave, parental leave, caregiver leave and paid FMLA leave. 
  • Friends and Family Friday to end our standard workweek at 2pm local time; Full company closure during the 4th of July holiday week. 
  • Access to pet insurance; Access for employees and dependents to Skillable learning opportunities through our product and more!   

Working Conditions:  


The job conditions for this position are in a remote home office setting, requiring a space that supports privacy and focus to attend to regular and frequent video and voice calls. Employees in this position use PC and phone on an on-going basis throughout the day. Periodic travel may be required equaling up to approximately 10% of the time.


Skillable participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact the Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. 

  

Skillable can only hire potential candidates with a primary residence in the following States: AZ, CA, CO, FL, GA, ID, IN, KY, MA, ME, MI, MO, NC, ND, NE, NH, NV, NY, OH, OK, SC, TN, TX, UT, WA, WI.
