Senior Security GRC Analyst

About the team:

The Information Security (InfoSec) organisation advances the overall state of security at Rubrik through critical initiatives and coordination of large security projects. Information Security builds technologies tools and processes to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems provides awareness education to teams on security best practices for data protection and ensures data sharing relationships with third parties in order to securely protect Rubrik information.

About the role:

We are looking for a Compliance Analyst to streamline and automate our security compliance this role you will be the engine behind our regulatory adherence and internal control environments. You wont just check boxes; youll build scalable evidence collection processes manage internal assessments and partner with engineering teams to close security gaps. You will focus on the execution and continuous monitoring of our security compliance framework ensuring we remain audit-ready across multiple standards (such as SOC2 ISO 27001 or HIPAA).

What youll do:

• Framework Management: Maintain global compliance certifications including ISO 27001 SOC2 BSI C5 Cyber Essentials DESC and evolving data privacy standards.
• Audit Coordination: Serve as the primary liaison for internal and external audits; manage timelines evidence collection and communication between process owners and auditing bodies.
• Strategic Partnership: Partner with cross-functional teams (risk governance sec-ops etc.) to identify control gaps prioritise remediation efforts and implement scalable solutions that reduce organisational risk
• Evidence Lifecycle Management: Systematise the collection and retention of audit evidence to ensure the organisation is audit-ready at all times without disrupting daily operations..
• Continuous Monitoring: Experience in conducting a common controls framework which shall be required to assess control effectiveness and evidence to support in defining security posture and compliance
• Standard Simplification: Deconstruct complex regulatory requirements and technical standards into clear actionable and operational requirements.
• Stakeholder Communication: Act as a subject matter expert providing transparent and persuasive updates on the health of the compliance program to leadership and internal teams.
• Compliance Advocacy: Design and deliver targeted training sessions to help process owners understand their role within the Rubrik controls framework and the why behind security requirements.
• Support Risk Management: Support risk assessments to identify document and track the remediation of information security threats.
• Governance: Support to develop and update the information security policy framework to ensure alignment between business objectives and regulatory requirements.
• Third-Party Risk: Support the supplier security process to conduct ongoing monitoring of vendors to ensure third-party services do not compromise the organisations security posture.

Experience youll need:

• 5 years of experience in Information Security Governance Risk and Compliance (GRC) or relevant Compliance roles in the tech industry
• Proven track record of driving security and operational risk processes within a modern risk oversight function
• Advanced knowledge of risk quantification principles and experience implementing FAIR-like approaches
• Strong understanding of common security risks vulnerabilities and threats
• Expertise in relevant information security frameworks (ISO 27001/2 FedRAMP SOC 2 CIS Top 20 PCI DSS NIST CSF HIPAA)
• Proficiency in audit and risk management methodologies (SOX COBIT NIST RMF)
• Hands-on experience with data analytics and BI tools (e.g. Power BI) and agile project management tools (e.g. Jira)
• Executive presence with the ability to represent a vision and build consensus across diverse partners
• Detail-oriented and able to understand the bigger picture by using your technical expertise and problem-solving abilities to prioritise and manage blocking issues.
• Ability to ramp up quickly and learn new technologies with minimal lag time.
• Able to discuss issues at technical and business levels with audiences of various backgrounds.
• Bachelors degree in Security Computer Science or related field; Masters degree preferred
• Professional certifications such as CISA CISM CRISC CGEIT or CISSP
• Experience in high-growth SaaS and data management industries is a plus
• 5 years of experience in Information Technology Information Security Information Security Compliance and/or Auditing
• Executive presence with the ability to represent a vision and build consensus across diverse partners
• Familiarity with security and privacy standards such as ISO 27001 SOC2 HIPAA HI-TRUST BSI C5 Cyber Essentials DESC EU-US Privacy Shield etc.
• Detail-oriented and able to understand the bigger picture by using your technical expertise and problem-solving abilities to prioritise and manage blocking issues.
• Ability to ramp up quickly and learn new technologies with minimal lag time.
• Able to discuss issues at technical and business levels with audiences of various backgrounds.
• Ability to manage multiple projects and deliver quality work to deadlines
• Demonstrated experience in the development and management of a comprehensive compliance program that balances risk and the needs and goals of the business
• Excellent interpersonal verbal and written communication skills with the ability to communicate compliance-related concepts to a broad range of technical and non-technical staff
• Demonstrated success working with internal audit external auditors outside consultants and outside counsel
• Bachelors degree in Security Computer Science or related field; Masters degree preferred
• Professional certifications such as CISA CISM CRISC CGEIT or CISSP
• Experience in high-growth SaaS and data management industries is a plus
• Strong technical foundation to be able to develop Rubrik compliance best practices based on compliance requirements and Rubrik systems and processes.

Join Us in Securing and Accelerating the Worlds AI Transformation

Rubrik (RBRK) the Security and AI Operations Company leads at the intersection of data protection cyber resilience and enterprise AI acceleration. Rubrik Security Cloud delivers complete cyber resilience by securing monitoring and recovering data identities and workloads across clouds. Rubrik Agent Cloud accelerates trusted AI agent deployments at scale by monitoring and auditing agentic actions enforcing real-time guardrails fine-tuning for accuracy and undoing agentic mistakes.

Linkedin X (formerly Twitter) Instagram

Inclusion @ Rubrik

At Rubrik we are dedicated to fostering a culture where people from all backgrounds are valued feel they belong and believe they can succeed. Our commitment to inclusion is at the heart of our mission to secure the worlds data.

Our goal is to hire and promote the best talent regardless of background. We continually review our hiring practices to ensure fairness and strive to create an environment where every employee has equal access to opportunities for growth and excellence. We believe in empowering everyone to bring their authentic selves to work and achieve their fullest potential.

Our inclusion strategy focuses on three core areas of our business and culture:

• Our Company: We are committed to building a merit-based organization that offers equal access to growth and success for all employees globally. Your potential is limitless here.

• Our Culture: We strive to create an inclusive atmosphere where individuals from all backgrounds feel a strong sense of belonging can thrive and do their best work. Your contributions help us innovate and break boundaries.

• Our Communities: We are dedicated to expanding our engagement with the communities we operate in creating opportunities for underrepresented talent and driving greater innovation for our clients. Your impact extends beyond Rubrik contributing to safer and stronger communities.

Equal Opportunity Employer/Veterans/Disabled

Rubrik is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin or protected veteran status and will not be discriminated against on the basis of disability.

Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race color religion sex national origin age disability or addition to federal law requirements Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including recruiting hiring placement promotion termination layoff recall transfer leaves of absence compensation and training.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact us at if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures providing documents in an alternate format using a sign language interpreter or using specialized equipment.

EEO IS THE LAW

NOTIFICATION OF EMPLOYEE RIGHTS UNDER FEDERAL LABOR LAWS