Job Description:

DataRobot is the AI Cloud leader, delivering a unified platform for all users, data types, and environments to accelerate the delivery of AI to production for every organization. A third of the Fortune 50 currently trusts our Augmented Intelligence platform. We are growing and scaling rapidly with a massive market opportunity in sight. As a DataRobot employee, you will be part of a company whose mission is clear - to change outcomes for organizations worldwide. We’re at the forefront of the AI revolution, from banking to insurance to healthcare. And we need other revolutionaries to join us.

Senior technology governance, risk, and compliance (GRC) analyst with experience in the areas highlighted below. This is a unique opportunity to expand your skills and influence a growing Cybersecurity Program. This opportunity provides the ability to work with various teams to evaluate controls, perform control testing to improve the efficiency and effectiveness of the internal controls, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance. You will facilitate control reviews to accommodate new business areas as well as changes in processes. You will assist the technology teams in identifying gaps between policy and process, develop recommendations to remediate control weaknesses, and execute third-party risk management reviews of key third-party service providers to ensure compliance obligations are being met, including monitoring any remediation plans to address their weaknesses.
You will also work with the pre-sales and professional services groups as a security SME, responding to customer inquiries and RFPs and building trust with customers.

The Day to Day:

- In support of multiple attestations (ISO27001, PCI, HIPAA, HITRUST, SOC2), plan, design and execute controls testing, controls assessment and documentation across all domains for IT General Controls, Payment Card Industry (PCI DSS), Data Privacy, Health Insurance Portability and Accountability (HIPAA) and other GRC requirements, as appropriate
- Serve as trusted advisor and technology key controls subject matter expert; partner to evaluate the design and effectiveness of the control environment, both operational and technical; to develop trending for remediation efforts and overall compliance with regulatory and operational standards, and to build compliance programs including detailed exception reporting and complex configuration monitoring requirements
- Provide direction and guidance in pre-implementation reviews of new systems and services to ensure proper controls are implemented and executed to meet compliance
- Validate information security key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet GRC standards where applicable
- Be a trusted advisor for in-scope internal and external audits to expedite reviews and mitigate operational impacts
- Partner to gain consensus on compliance approaches with a proven ability to effectively communicate remediation and prevention
- Develop strategies for ensuring organizational compliance with SOC2, GDPR, HIPAA, Data Privacy, federal, state, and local government compliance, or similar regulations

Experience with the following required:

- Experience in performing risk-based testing for control compliance, including the identification, assessment, and mitigation of compliance issues; understanding how to balance the company's risk appetite against compliance needs/requirements
- Must have detailed knowledge and experience with technology controls across a variety of industry frameworks and how to assess controls supporting compliance for SOX, PCI, HIPAA and Privacy
- Developing dynamic approaches to the implementation of a technology compliance program utilizing a variety of testing methods, both manual and automated, to provide qualitative and quantitative results where applicable
- Excellent communication skills, including but not limited to verbal and written communication; delivering organized presentations; able to tailor message to the audience; and facilitate group discussions with diplomacy and seek diverse opinions
- Excellent analytical skills with experience in data analysis to support reporting and testing processes
- Possess strong organization and time management skills
- Demonstrated flexibility in a fast-paced and agile environment
- Prior compliance experience with the NIST control families 800-53 Rev. 5 or NIST 800-171
- Lead evidence collection and documentation for known policy frameworks such as ISO27001, SOC 2, PCI/DSS, GDPR, CCPA, HITRUST, HIPAA
- Conduct risk assessments against products, features, datasets, applications, and Third Party Risk Management (TPRM)
- Stay up to date on regulatory concerns and changing security landscape and information technology

Education and/or Experience:

- Bachelor's degree in Business/Computer Science/Technology with IT audit or compliance experience
- In-depth knowledge of information security, technology compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO-27001/2, and COBIT
- 5+ years working experience with enterprise technology compliance management programs, or auditing experience, controls testing, conducting ITGC and PCI assessments and leading related project teams as a security subject matter expert in privacy, data security and control issues with technologies such as Cloud, SaaS, Linux, Windows, Intrusion Prevention
- Previous working experience and knowledge of two or more security functions (IT Compliance Assessor, QSA, Security Specialist, IT Auditor)

What you get in return:

- We move fast and reward hard work. We expect results, and we love doing the work we’re passionate about.
- Our employees have a voice in what we do! We continually challenge and support each other to find better, more robust solutions for customers and partners. After all, it’s our customers that make us tick.
- We like to have fun along the way! We genuinely like each other and enjoy spending time together at company outings.
- We’re global! We are an international company supporting international customers, and we know that regular collaboration across the globe is how the best ideas come about.
- We’re committed to building a company culture where every individual can bring their full impact and reach their fullest potential. Our mission is to build a diverse and inclusive environment where dedicated people of all cultures, perspectives, backgrounds, races, genders, religions, orientations, abilities, and ages can 10x their lives.

The talent and dedication of our employees are at the core of DataRobot’s journey to be an iconic company. We strive to attract and retain the best talent by providing competitive pay and benefits with our employees’ well-being at the core. Here’s what your benefits package may include depending on your location and local legal requirements: Medical, Dental & Vision Insurance, Flexible Time Off Program, Paid Holidays, Paid Parental Leave, Global Employee Assistance Program (EAP) and more!

Our Core Values:

- Be You - We are co-contributors to our culture committed to diversity, inclusion, equity and a sense of belonging throughout our global community. We value each person as their authentic self and welcome honest and respectful dialogue as an avenue to greatness.
- Dream Big - We don’t settle for the status quo. We always pursue the development of the next version of ourselves. We believe investment in the growth and resilience of our people is the foundation of building an iconic company.
- Be Data-Driven - We believe data-driven decision making enables innovation and execution at velocity while ensuring repeatable success. We take on the toughest challenges as we transform the world with our platform and AI.
- Better Together - We celebrate success and learn from failure as one team. We foster an aligned, collaboration-first workplace by building trust through transparency, integrity and accountability.
- Champion Customers - We empower our customers and our communities by shaping the future of trusted, augmented intelligence in order to solve their most difficult problems. We are humble, not complacent. We succeed when they succeed.

Research shows that many women only apply to jobs when they meet 100% of the qualifications while many men apply to jobs when they meet 60%. At DataRobot we encourage ALL candidates, especially women, people of color, LGBTQ+ identifying people, differently abled, and other people from marginalized groups to apply to our jobs, even if you do not check every box. We’d love to have a conversation with you and see if you might be a great fit.

All U.S. DataRobot employees must be fully vaccinated against COVID-19. If there is a medical, religious, or other legally protected reason that prevents you from receiving an available COVID-19 vaccination, and you are selected as a candidate for consideration, we have a process in place to evaluate requests for accommodation.

DataRobot is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. DataRobot is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. Please see the United States Department of Labor’s EEO poster and EEO poster supplement for additional information.

All applicant data submitted is handled in accordance with our Applicant Privacy Policy.