GRC Analyst

JupiterOne is a cyber asset attack surface management (CAASM) platform company providing visibility and security into your entire cyber asset universe. Using graphs and relationships, JupiterOne provides a contextual knowledge base for an organization’s cyber asset operations. With JupiterOne, teams can discover, monitor, understand, and act on changes in their digital environments. Cloud resources, ephemeral devices, identities, access rights, code, pull requests, and much more are collected, graphed, and monitored automatically.

JupiterOne is revolutionizing cybersecurity by helping organizations map and secure their digital assets. Our platform provides security teams with deep visibility into their environments, making it easier to understand risks and enforce security policies. We are looking for a GRC Analyst to join our security team and help us ensure our software solutions remain compliant with the standards to which we adhere.

What You’ll Do

• Coordinate and oversee policy reviews with key stakeholders, ensuring documents remain relevant and actionable.
• Regularly review and update policies, ensuring adherence to industry standards and organizational needs.
• Enforce timelines for vulnerability management, risk register resolution, and periodic compliance reviews.
• Maintain and refine issue logs, as well as J1QL evidence queries, to support compliance initiatives.
• Complete security questionnaires efficiently, developing reusable and repeatable processes.

Requirements

Who You Are

• Strong knowledge of compliance frameworks like SOC2, CCM, NIST 800-53, NIST 800-171, ISO 27002 or similar.
• Proven experience leading FedRAMP certification efforts from start to finish
• Ability to convert compliance standards into actionable policies and validate framework coverage.
• Skilled at communicating high level compliance and assurance concepts to senior leadership, as well as to engineering and development teams.
• Knowledge of GitHub and the git process of code management
• Proactively forecast compliance needs and develop roadmaps aligned with customer and regulatory expectations.
• Research industry compliance regulations and policies to ensure JupiterOne remains ahead of evolving standards.
  

Bonus

• Experience with query languages, such as SQL or other query language.
• Effective communication skills, including the ability to effectively convey urgency and priority of effort.

Benefits

• Medical, Dental, Vision Insurance etc.
• Flexible PTO
• Maternity & Paternity Paid Leave
• Reimbursement for Gym Memberships and/or Fitness Equipment
• Wellness Program Offerings
• 401(k), Life Insurance, Short and Long Term Disability
• Paid Holidays, including JupiterOne Day on July 21st.
• Generous Employee Referral Program
• & SO much more!