Governance, Risk and Compliance Analyst

About CloudBees

CloudBees enables enterprises to deliver scalable, compliant, and secure software, empowering developers to do their best work. 

Seamlessly integrating into any hybrid and heterogeneous environment, CloudBees is more than a tool—it's a strategic partner in your cloud transformation journey, ensuring security, compliance, and operational efficiency while enhancing the developer experience across your entire software development lifecycle. It allows developers to bring and execute their code anywhere, providing greater flexibility and freedom through fast, self-serve, and secure workflows.

CloudBees supports organizations at every step of their DevSecOps journey, whether using Jenkins on-premise or transitioning software delivery to the cloud. We’re helping customers build the future, today.

About the job

As a GRC Analyst at CloudBees, you will support the global Governance, Risk, and Compliance (GRC) function by assisting in the development and management of security policies, ensuring compliance with regulations, and integrating risk management into business operations. You will work with various stakeholders to help strengthen the organization’s security posture, contributing to audits, assessments, and security framework implementation. Additionally, you'll play a role in promoting security awareness throughout the company and supporting continuous improvement efforts within the GRC program.

If you are a proactive self-starter that is looking to join a fast-growing team, we would love to hear from you.

WHAT YOU'LL DO

• Conduct risk assessments and support more complex audits under senior guidance.
• Act as the initial point of contact for GRC issues, handling inquiries and guiding them through the process.
• Support internal and external audit activities, tracking corrective actions and control deficiencies.
• Maintain compliance certifications (e.g., ISO 27001, SOC 2) and contribute to certification efforts.
• Assess third-party security risks through due diligence and vendor evaluations.
• Contribute to privacy-related compliance efforts, particularly in data protection regulations.
• Take responsibility for compliance initiatives, ensuring adherence to relevant frameworks and reducing risk exposure.
• Liaise with business teams on compliance requirements and regulatory impacts.
• Design and deliver cyber awareness training, as required.
• Track KPIs related to risk assessments and audits, while identifying trends or issues that require attention. 
• Track security tasks and milestones in roadmaps, ensuring timely progress.
• Constructively challenge stakeholders when roadblocks arise, proposing practical solutions.

WHO YOU ARE

• Minimum 1-3 years of relevant work experience, such as Cyber Risk Analyst, Security Engineer, Developer, IT Auditor, Project Manager, Cyber Security Analyst or Business Analyst.
• Bachelor’s degree in business, information technology, engineering or relevant field of study
• Strong Excel and data analysis skills
• Must possess strong written and oral communication skills, and a practical, common-sense approach to getting things done
• Experience of identifying technical risks within software development environments.
• Proactively collaborates with individuals across various teams and keeps stakeholders informed with regular updates, minimizing surprises and ensuring alignment.
• Ability to manage time and multiple priorities to execute high quality deliverables.
• Ability to think strategically and execute tactically in a high-energy, fast-paced environment
• High degree of organization and ability to manage multiple, competing priorities simultaneously
• Ability to work independently and autonomously.
• Awareness of relevant privacy regulations and security frameworks such as GDPR, SOC2 and ISO27001.
• Desirable, CRISC or CISA qualification or any other relevant cyber security qualification.
• Desirable, awareness of security practices within cloud environments (AWS or GCP) 
• Desirable, understanding of SDLC and coding practices

WHAT YOU'LL GET

• Highly competitive benefits and vacation package. 
• Ability to work for one of the fastest growing companies with some of the most talented people in the industry. 
• Team outings.
• Fun, Hardworking, and Casual Environment.
• Endless Growth Opportunities.

We’re invested in you!

We offer generous paid time off to allow our employees time to rest, recharge and to be present with family and friends throughout the year. At CloudBees, we truly believe that the more diverse we are, the better we serve our customers. A global community like Jenkins demands a global focus from CloudBees. Organizations with greater diversity—gender, racial, ethnic, and global—are stronger partners to their customers.

Whether by creating more innovative products, or better understanding our worldwide customers, or establishing a stronger cross-section of cultural leadership skills, diversity strengthens all aspects of the CloudBees organization. In the technology industry, diversity creates a competitive advantage. CloudBees customers demand technologies from us that solve their software development, and therefore their business problems, so that they can better serve their own customers. CloudBees attributes much of its success to its worldwide work force and commitment to global diversity, which opens our proprietary software to innovative ideas from anywhere.

Along the way, we have witnessed firsthand how employees, partners, and customers with diverse perspectives and experiences contribute to creative problem-solving and better solutions for our customers and their businesses.

Scam Notice

Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of CloudBees. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that CloudBees will never ask for any personal account information, such as cell phone, credit card details or bank account numbers, during the recruitment process. Additionally, CloudBees will never send you a check for any equipment prior to employment.

All communication from our recruiters and hiring managers will come from official company email addresses (@cloudbees.com) or from Paylocity and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent CloudBees and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at tahelp@cloudbees.com.

We take these matters very seriously and will work to ensure that any fraudulent activity is reported and dealt with appropriately. If you feel like you have been scammed in the US, please report it to the Federal Trade Commission at: https://reportfraud.ftc.gov/#/.

In Europe, please contact the European Anti-Fraud Office at:  https://anti-fraud.ec.europa.eu/olaf-and-you/report-fraud_en 

Signs of a Recruitment Scam

· Ensure there are no other domains before or after @cloudbees.com.  For example:  “name.dr.cloudbees.com”

· Check any documents for poor spelling and grammar – this is often a sign that fraudsters are at work.

· If they provide a generic email address such as @Yahoo or @Hotmail as a point of contact.

· You are asked for money, an “administration fee”, “security fee” or an “accreditation fee”.

- You are asked for cell phone account information. 

#LI-Remote

 #LI-AM1