About the role
The Governance, Risk and Compliance Analyst is responsible for assisting in assessing third-party risk across Samsara's new and existing systems and building automated workflows to support a scaling program.
You take Security seriously but understand there is a business to operate, and strive to build low-friction solutions and decisions made in close partnership with others. On a typical day you might work with Samsara's legal or procurement team to discuss an ongoing review of a vendor, build and refine AI-enabled workflows to scale the vendor risk program, and collaborate with teams in engineering to collect evidence for an upcoming audit.
This is a hybrid role based in Bengaluru. We are open to candidates currently residing anywhere within India; however, relocation assistance will not be provided.
You should apply if:
- You want to impact the industries that run our world: Your efforts will result in real-world impact, helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
- You are the architect of your own career: If you put in the work, this role won't be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, countless opportunities to experiment and master your craft in a hyper-growth environment.
- You're energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
- You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-calibre team that will encourage you to do your best.
In this role you will:
- Work with the local Senior Manager of Security Engineering to provide programmatic updates and communicate both program third-party and technical risk to the broader Information Security leadership team
- Drive automation and efficiency in the TPRM program through the use of third parties such as Zip and Vanta and by creating native solutions, ensuring security reviews and reassessments scale with company growth.
- Partner with Procurement, Legal and Privacy to ensure vendor risks are identified, documented and mitigated throughout the vendor lifecycle.
- Champion, role model and embed Samsara's cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices
Minimum requirements for the role:
- 3 years of experience in the governance, risk and compliance space
- Experience implementing or maintaining vendor-risk programs
- Experience performing security and maturity assessments
- Supporting the creation or maintenance of risk registers, compliance inventories and control mappings across internal and external systems
- Ability to work with systems teams to collaboratively implement security controls across a diverse range of systems such as Okta, Slack, Salesforce and internal tooling
- Professional experience coordinating and interacting with external auditors, internal engineering teams, business stakeholders, senior leadership and security operations teams on procurement activities, audit controls and compliance requirements
- Experience conducting vendor risk assessments, including reviewing security certifications, penetration tests and policies.
- Strong understanding of vendor integration risks and permission scoping across SaaS platforms (e.g. Slack, Google Workspace and Salesforce)
- Ability to translate complex technical findings and requirements into clear business risks and requirements for non-technical stakeholders.
An ideal candidate also has:
- Experience working with NIST Cybersecurity Framework profiles, SOC 2, ISO 27001 or similar frameworks
- Experience creating workflows through automation and AI assistance
- Experience working within common GRC and procurement platforms such as Zip and Vanta.
- Experience managing high volumes of vendor requests and competing priorities.
- Prior assessment experience in the Software-as-a-Service industry
Required Experience:
IC