GRC Analyst

Employer Active

1 Vacancy
Job Location

Newport Beach, CA - USA

Monthly Salary

$ 110000 - 175000

Job Description

Obsidian Security was founded in 2017 to solve the unaddressed blind spot of SaaS Security. SaaS applications provide the tools employees need to succeed and hold the business's most critical information. If those tools become unavailable or that data is jeopardized, there is a detrimental impact on the organization.

Obsidian proudly offers the industry's most comprehensive and powerful SaaS defense solution. We are committed to solving the challenge of SaaS Security for our customers as efficiently and effectively as possible.

We're a passionate team optimizing for impact by solving some of the biggest challenges in cybersecurity today. We listen closely to our customers, iterate quickly, and (over) deliver to delight them. Working at Obsidian means contributing to an industry-leading cybersecurity product in an environment where customer satisfaction, privacy, and data ethics are paramount.

Obsidian Security is looking for a GRC Analyst to join our IT team. This Analyst will have a broad scope including:

Governance & Policy Management

  • Maintain and update the Master Controls Register with mappings to frameworks (e.g. SOC 2, ISO 27001, ISO 27701, ISO 42001, GDPR, NIST).
  • Track control ownership, implementation status, and evidence requirements across the organization.
  • Assist in drafting, updating, and version-controlling security and compliance policies, standards, and procedures.
  • Ensure policy reviews and approvals occur on schedule; coordinate with document owners and stakeholders.

Risk Management

  • Support ongoing risk assessments and periodic risk reviews across business units.
  • Document risk findings, mitigation plans, owners, and timelines in the Risk Register.
  • Conduct third-party risk assessments for vendors, platforms, and SaaS tools.
  • Collaborate with internal teams to analyze new risks introduced by product changes or infrastructure updates.
  • Track risk mitigation action items and follow up on deadlines.

Compliance and Audit Support

  • Coordinate readiness activities for internal and external audits (SOC 2, ISO, etc.).
  • Prepare and organize audit artifacts and walkthrough documentation.
  • Work with control owners to collect, review, and validate audit evidence.
  • Track open audit findings and corrective action plans; assist with resolution follow-ups.
  • Support ongoing compliance readiness posture through internal reviews and testing.

Third-Party Risk & Vendor Management

  • Maintain the vendor inventory and classify vendors based on risk levels.
  • Issue and track security questionnaires or due diligence assessments.
  • Monitor vendor compliance with contractual and regulatory requirements.
  • Coordinate vendor documentation reviews (e.g. SOC 2 reports, pen test results, certifications).

Controls Testing & Security Operations Support

  • Assist in the design and implementation of new security controls aligned to frameworks.
  • Conduct control effectiveness testing and control gap analysis.
  • Partner with engineering, DevOps, and security teams to understand and verify technical control implementations (e.g. logging, access controls, encryption).
  • Track remediation activities related to failed controls or known security issues.

Pay Transparency

Please note that the base pay range is a guideline, and for candidates who receive an offer, the base pay will vary based on factors such as work location as well as the knowledge, skills, and experience of the candidate. In addition to a competitive base salary, this position is eligible for equity awards and may be eligible for incentive compensation based on factors such as experience, skills, and location.

At Obsidian, we are proud to be an equal-opportunity employer. We value diversity and hire for talent, passion, and compassion. In compliance with federal law, all persons hired will be required to submit satisfactory proof of identity and legal authorization. If you have a need that requires accommodation, please contact

Information collected and processed as part of any job applications you choose to submit is subject to Obsidian's Applicant Privacy Policy.

Base Salary Range

$110000 - $175000 USD

Employee Benefits:

Our competitive benefits packages are designed to support our employees' wellbeing both at work and at home. Our US-based employees enjoy:

  • Competitive compensation with equity and 401k
  • Comprehensive healthcare with dental and vision coverage
  • Flexible paid time off and paid holiday time off
  • 12 weeks of new parent or family leave
  • Personal and professional development resources

For more details on our US benefits, or for information on our international benefits, please see here.


Required Experience:

IC

Employment Type

Full Time
