Security Analyst, Governance, Risk, and Compliance

We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry.

This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us.

SHOULD YOU ACCEPT THIS CHALLENGE... 

Are you ready to be the hero behind the scenes, tackling high-stakes security challenges like Ethan Hunt in "Mission: Impossible"? Join our dynamic Governance, Risk, and Compliance (GRC) team within Pure Security Office, where you’ll be at the forefront of safeguarding our digital assets and ensuring robust risk management practices. You will be an expert of our digital fortress, identifying and addressing risks to strike an optimal balance between business outcomes and risk mitigation. If you are passionate about risk management and understand its fundamental role in key business decisions, then this is the perfect role for you!

Overview 

We are seeking a detail-oriented Security Analyst specializing in Governance, Risk, and Compliance (GRC) with a strong focus on Risk Management. The ideal candidate will be responsible for identifying, assessing, and mitigating risks to ensure the security and compliance of our organization's information systems. This role requires a deep understanding of risk management frameworks, security policies, and compliance standards to protect our digital assets and support our business objectives.

What You’ll Do

• Collaborate with cross-functional Infrastructure, Engineering, Business and Security teams to Identify potential security risks to information systems and data
• Educate, influence and work with technology and platform owners to implement necessary controls and best practices related to identified risks
• Develop and implement risk management strategies and processes
• Maintain the cybersecurity risk register
• Conduct regular risk assessments
• Process security exceptions while assessing risks
• Monitor and report on the effectiveness of risk management initiatives
• Appropriately assess risk when business and technical decisions are made, demonstrating risk management mindset

Requirements

General Experience

• 5+ years of proven experience in a GRC or Risk Management role, in both on-prem and cloud environments in a Technology Company
• Knowledge of Security Best Practices (e.g., least privileged, zero trust model)
• Hands on working knowledge with GRC tools (e.g., ServiceNow, ZenGRC)
• Cybersecurity certifications (e.g., CISSP, CISM, CISA) are a plus

Technical Skills

• Strong knowledge of risk management frameworks (e.g., NIST, ISO 31000) and compliance standards (e.g., ISO27001, SOC-2).
• Basic to intermediate understanding of secure software development practices
• Expertise with risk identification in solution architecture and design
• Strong working knowledge of building risk reports for senior management 

Soft Skills

• Analytical Thinking: Skill in analyzing problems, identifying root causes, and providing solutions
• Project Management: Experience managing project timelines, resources, and stakeholders
• Collaboration: Ability to work well with cross-functional teams, including Engineering, IT operations, Security, and Compliance teams

You will be based in Santa Clara. As this is an office-centric role, you are expected to be present in the office for 3 days a week. As outlined in Pure's Hybrid Work Policy, there will be variations over periods of time, depending on business need.

Pay Range: $130,000.00 - $196,000.00 

Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations. 

This role may be eligible for incentive pay and/or equity. 

And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events - check out purebenefits.com for more information. 

There is no application deadline and we accept applications on an ongoing basis until the job is filled.

WHAT YOU CAN EXPECT FROM US:

• Pure Innovation: We celebrate those who think critically, like a challenge and aspire to be trailblazers.
• Pure Growth: We give you the space and support to grow along with us and to contribute to something meaningful. We have been Named Fortune's Best Large Workplaces in the Bay Area™, Fortune's Best Workplaces for Millennials™ and certified as a Great Place to Work®!
• Pure Team: We build each other up and set aside ego for the greater good.

And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources and company-sponsored team events. Check out purebenefits.com for more information.

ACCOMMODATIONS AND ACCESSIBILITY:

Candidates with disabilities may request accommodations for all aspects of our hiring process. For more on this, contact us at TA-Ops@purestorage.com if you’re invited to an interview.

WHERE DIFFERENCES FUEL INNOVATION:

We’re forging a future where everyone finds their rightful place and where every voice matters. Where uniqueness isn’t just accepted but embraced. That’s why we are committed to fostering the growth and development of every person, cultivating a sense of community through our Employee Resource Groups and advocating for inclusive leadership. At Pure Storage, diversity, equity, inclusion and sustainability are part of our DNA because we believe our people will shape the next chapter of our success story.​ 

Pure Storage is proud to be an equal opportunity employer. We strongly encourage applications from Indigenous Peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and people with intersectional identities. We also encourage you to apply even if you feel you don’t match all of the role criteria. If you think you can do the job and feel you’re a good match, please apply.