Security Governance, Risk and Compliance Analyst

Bucharest, Romania

Aera Technology

Aera Technology is the Decision Intelligence company that makes business agility happen. In the era of digital acceleration, Aera helps enterprises around the world transform how they respond to the ever-changing environment

Aera Technology is a pioneer in the growing category of Decision Intelligence – the technology to digitize, augment, and automate decision-making processes with AI and machine learning. Through our AI decision automation platform, Aera Decision Cloud™, we are helping the best-known brands in the world make smarter, faster decisions.
Privately-held and VC-funded, we have a global team of over 400 Aeranauts – and we’re growing. We deliver Decision Intelligence innovation and services that enable enterprises to automate and scale decision making with accuracy and speed. We continue to be the trusted choice of market leaders for our proven ability to generate value and unlock opportunities that were previously unattainable. 
As the Senior GRC Analyst at Aera you will be responsible for our Governance and Compliance program. We are a fast-paced Global company with a changing infrastructure as well as global customers who require top standards of security. Our security program at Aera is an established and certified program that keeps our business needs aligned with the security needs of our customers. You will be working closely with IT, HR, SRE, Engineering, and other members of the security team. Your reports and recommendations will be used by the CSO and executive staff to make critical decisions about the security of our business and our customers.

Responsibilities

  • Review the overall health and performance of the Security program and governance at Aera including reporting on risk assessment across the company.
  • Ensure that SOC 2 and ISO 27001 compliance standards are met and that new changes and standards are incorporated into the governance policies and procedures at Aera.
  • Complete customer due diligence including contract reviews and security questionnaires
  • Review HR compliance standards, including training, onboarding and offboarding procedures, to ensure they are complete and accurate.
  • Assist with Privacy compliance requirements like the GDPR and ensure our security controls meet the various privacy requirements.
  • Work closely with leaders in IT and Operations functional areas to ensure change management processes meet compliance requirements.
  • Work with third party auditors and guide internal audits against regulatory frameworks (SSAE 18 SOC 2 type 2, HIPAA, GDPR, ISO 27001)
  • Review infrastructure reports from both IT and cloud assets to ensure they meet our standards.
  • Identify and report control deficiencies, raise the appropriate risks, and work with stakeholders to create remediation plans
  • Manage projects that relate to governance, risk, and compliance initiatives
  • Be part of a team that promotes risk and security awareness and training programs
  • Develop and implement a risk reporting framework for management teams and governance committees
  • Willingness to learn and stay current with industry trends relating to cyber security, privacy and risk 

About You

  • Bachelor’s Degree or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems or related curriculum
  • 5+ years demonstrated experience in risk management, information security, privacy or a data protection or assurance-related function
  • Technical and functional experience in the domain of Governance, Enterprise Risk Management and Regulatory Compliance
  • Proven understanding of risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations
  • Facilitates IT governance implementation
  • Experience building a network of relationships across functions and liaising with senior management
  • Ability to think strategically about security risks and tie those to tactical organizational activities
  • Open to learning and working on new domains and technology
  • Ability to manage all aspects of large-scale projects to bring about organizational change
  • Experience with risk assessments and compliance of major regulatory initiatives (e.g. HIPAA, ISO, PCI, SOX, FEDRAMP, SSAE18, GDPR)

Perks and Benefits

  • Stock Options:  We believe every Aera team member should have a stake in our future success
  • Medical:  A medical subscription to one of the main private healthcare clinic networks (Regina Maria) 
  • Employee Referral Program:  Earn cash when your referrals get hired!
  • Paid Time Off: Benefit from 25 annual leave days from the beginning
  • Snacks: When you’re working from the office, you’ll have access to our fully stocked kitchen with a selection of snacks and beverages
  • Events and Extras:  We work hard and get things done, but we also value the importance of having fun: office outings; birthday celebrations; holiday parties; weekly in-office lunches, and more
  • Work Schedule:  We’re open to a hybrid work model, and can offer a flexible daily schedule depending on your role
  • Note: We’re continuously re-evaluating these to offer the best for our Aeranauts, so these are subject to change for the better
If you share our passion for building a sustainable, intelligent, and efficient world, you’re in the right place. Established in 2017 and headquartered in Mountain View, California, we're a series D start-up, with teams in Mountain View, San Francisco (California), Bucharest and Cluj-Napoca (Romania), Paris (France), Munich (Germany), London (UK), Pune (India), and Sydney (Australia).  So join us, and let’s build this!
Aera Technology is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Pursuant to the San Francisco Fair Chance Ordinance, Aera Technology will consider for employment qualified applicants with arrest and conviction records.  Aera Technology respects the privacy of your data.  Please take the time to read our European GDPR privacy candidate notice available here

Tags: Audits Automation Cloud Compliance Computer Science FedRAMP GDPR Governance HIPAA ISO 27001 Machine Learning Privacy Risk assessment Risk management SOC SOC 2 SOX

Perks/benefits: Career development Equity / stock options Flex hours Flex vacation Health care Lunch / meals Medical leave Snacks / Drinks Startup environment Team events

Region: Europe
Country: Romania
