Senior GRC Analyst
Senior GRC Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
$ 200000 - 250000
1 Vacancy
Job Description
Who Are We
Postman is the worlds leading API platform used by more than 35 million developers and 500000 organizations including 98 of the Fortune 500. Postman is helping developers and professionals across the globe build the APIfirst world by simplifying each step of the API lifecycle and streamlining collaborationenabling users to create better APIs faster.
The company is headquartered in San Francisco and has an office in Bangalore where it was founded. Postman is privately held with funding from Battery Ventures BOND Coatue CRV Insight Partners and Nexus Venture Partners. Learn more at or connect with Postman on X via @getpostman.
P.S: We highly recommend reading The APIFirst World graphic novel to understand the bigger picture and our vision at Postman.
The Opportunity
The Senior GRC Analyst role will be part of the Security GRC team at Postman. The Security GRC team is responsible for the overall security posture of Postman by ensuring compliance with applicable regulations and contractual obligations and maintaining effective and efficient governance risk and compliance programs. In addition the Security GRC team is directly involved with supporting and enabling Sales and driving security and compliance initiatives to further the growth of Postman.
We seek a Senior GRC Analyst with extensive experience implementing managing and maturing compliance programs including but not limited to SOC 2 ISO 27 HIPAA GDPR CCPA and FedRAMP. This role must possess a significant level of technical knowledge that allows for clear communication with engineering stakeholders and the ability to provide actionable guidance and recommendations on processes (e.g. translate risk language to engineering requirements).
As a senior member of the Security GRC team this role will be instrumental in guiding the strategy of the GRC program in partnership with senior management. In addition to technical acumen the role requires an individual who is resultsoriented and pragmatic and demonstrates effective problemsolving and communication skills. The Senior GRC Analyst often serves as a subject matter expert for colleagues and lineofbusiness managers and experience with multiple technologies compliance requirements and risk management methodologies is crucial.
What youll do
- Lead and coordinate high visibility projects for our risk & compliance roadmap including: SOC2 ISO 27 HITRUST and FedRAMP.
- Contribute to the development management and ongoing improvement of the company risk program compliance initiatives and overall security risk posture.
- Lead the development and maturity of critical risk domains such as third party risk management and business resilience.
- Lead critical control activities with stakeholders across the business quantifying risks evaluating mitigations and driving action to measurably reduce risk.
- Lead participate and innovate on processes to streamline compliance audit activities with external auditors and internal control owners to ensure successful completion of audit requirements with minimal toil.
- Establish and contribute to risk and compliance activities with an eye toward continuous controls monitoring automation.
- Act as a mentor advisory and escalation point for team members and stakeholders.
About You
- 7 years of handson experience in cybersecurity governance risk and compliance preferably within fastpaced technology companies.
- Bachelors degree in computer science information security/cybersecurity or related field or relevant work experience.
- Relevant certifications such as CISSP CRISC CISA or CISM a plus.
- Knowledge of and experience implementing managing and maturing GRC programs with a bias to action ability to design effective but pragmatic solutions with an ability to balance short term and long term goals.
- Proficient technical knowledge and familiarity with management information systems cybersecurity audits and internal controls.
- Experience working with engineering and nonengineering stakeholders to drive successful risk activities.
- Experience with establishing and maturing third party risk management programs with a proven ability to balance third party risk with business need.
- Experience identifying gaps creating and tracking correction action and mitigation plans to closure at scale.
- Selfmotivated and wellorganized to accomplish goals and tasks completely and on time.
- Experience successfully driving risk & compliance programs in globally distributed organizations.
The reasonably estimated base salary for this role ranges from $200000 to $250000 plus a competitive equity package. Actual compensation is based on the candidates skills qualifications and experience.
What Else
In addition to Postmans payonperformance philosophy and a flexible schedule working with a fun collaborative team Postman offers a comprehensive set of benefits including full medical coverage flexible PTO wellness reimbursement and a monthly lunch stipend. Along with that our wellness programs will help you stay in the best of your physical and mental health. If you have little ones in your family the creche allowance can help in supporting your worklife balance. Our frequent and fascinating teambuilding events will keep you connected while our donationmatching program can support the causes you care about. Were building a longterm company with an inclusive culture where everyone can be the best version of themselves.
At Postman we embrace a hybrid work model. For all roles based out of San Francisco Bay Area Boston Bangalore Noida Hyderabad and New York employees are expected to come into the office 3days a week. We were thoughtful in our approach which is based on balancing flexibility and collaboration and grounded in feedback from our workforce leadership team and peers. The benefits of our hybrid office model will be shared knowledge brainstorming sessions communication and building trust inperson that cannot be replicated via zoom.
Our Values
At Postman we create with the same curiosity that we see in our users. We value transparency and honest communication about not only successes but also failures. In our work we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.
Equal opportunity
Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender perception or identity national origin age marital status protected veteran status or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any thirdparty agency or company that does not have a signed agreement with Postman.
Required Experience:
Senior IC
Employment Type
Full Time
