Governance Risk and Compliance (GRC) Analyst

Company: ActionIQ
Location: (Hybrid) New York, New York, United States
Posted on: 2023-05-12 16:45
What You’ll Be a Part Of:
ActionIQ is a leader in the massive and fast-growing category of Customer Data Platforms (CDP). Our product brings order to Customer Experience (CX) chaos. ActionIQ’s CX Hub empowers everyone to be a CX champion by giving business teams the freedom to explore and take action on customer data, while helping technical teams regain control of where data lives and how it is used. We are backed by top-tier VCs Andreessen Horowitz, Sequoia Capital, and March Capital. Enterprise brands such as Autodesk, Bloomberg, Morgan Stanley, The Washington Post, Hertz, Atlassian and many more use our CX Hub to achieve growth through extraordinary customer experiences.

The Team You’ll Join:
It is the Security team's mission to safeguard the confidentiality, integrity, and availability of information systems, identity, and data assets. We provide proactive security expertise, creating and maintaining a resilient and secure infrastructure, and fostering a culture of security awareness and compliance throughout the organization. Security also acts as a business partner across the organization, to make security a first-class citizen, and strives to work cross-functionally to secure system and network resources while reducing risk.

About the role:
As an integral member of the Information Security team, reporting to the VP of Information Security, the responsibility of the GRC Analyst is to work with key business units to drive the design, implementation, operation, and remediation activities of industry-accepted control frameworks (SOC 2, NIST, etc.), and to establish and support policies, standards, and regulatory requirements. You will be responsible for providing controls, subject matter expertise, and guidance for the collection and management of data from multiple systems, consulting internal business partners, and reporting the Information Security program effectiveness through risk analysis and trends. The ideal candidate will have knowledge of risk management, security, and privacy practices and be an effective communicator, both written and verbal.

How You’ll Contribute:
- Work with the InfoSec leadership to ensure the enterprise-wide strategy and key initiatives are focused on the reduction of technology risk, governance, and compliance with policies and external regulatory compliance
- Conduct information security risk assessments, assess and document the design of controls, and identify and report on gaps and opportunities in new and existing systems, processes, and technology
- Coordinate with external and internal auditors to expedite reviews and support the mitigation of relevant compliance concerns
- Address and fulfill client security requests, including questionnaires, by collaborating with relevant stakeholders to help the company reduce its sales barriers
- Develop strategies for ensuring organizational compliance with SOC 2, HIPAA, Data Privacy, NIST, and other similar standards and regulations
- Engage control owners and key stakeholders across the organization to collect and test evidence and assess compliance
- Collaborate to define Information Security requirements and develop/update associated policies
- Lead business continuity planning and exercises, as appropriate, and participate in disaster recovery
- Tactically operate the systems for: risk register management, vendor and software risk assessments, incident-related risk logging and mitigation, data subject access request workflows and management, management for the configuration of cookie compliance, enterprise policy management, and data mapping
- Lead the information security awareness programs to promote and foster the delivery of systems and services with security and privacy controls built-in
- Establish and foster relationships with the various areas of the business to build rapport and be viewed as a trusted partner to help teams deliver on their commitment to compliance with security and privacy policies and regulations

What you Bring:
- 3-5 years of Information Security, Governance, Risk, and Compliance experience focusing on compliance assessments, risk assessments, and/or technology audits
- Bachelor's degree in Information Systems, Risk Management, Cybersecurity, or other related field
- Experience performing information security audits or risk assessments
- Demonstrated advanced understanding of a broad range of technical concepts: logical access control, network security, encryption, data privacy, and application security
- Implementation experience of compliance frameworks such as SOC 2 Type II, GDPR, and industry frameworks such as NIST CSF and ISO 2700x
- Strong organizational skills with the ability to thrive in a fast-growing environment, leveraging best practices and approaching any problem as a team player with a can-do attitude
- Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management, and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)
- Industry-recognized certifications are a plus: CRISC, CIPP, CDPSE, CISA, CISSP, or equivalent

Compensation:
Our compensation package includes base salary, stock options, and the great benefits shown below. The salary range for this role is: $113,000 - $126,000

Benefits & Perks Preview:
- Stay Happy and Healthy: Enjoy leading Medical, Dental and Vision benefits, 401k, FSA, Commuter Benefits, Gym Reimbursement, flexible PTO and 12-weeks paid parental leave
- Accelerate Your Career: Opportunities to explore, enhance, and expand your skill set through conferences, workshops, and access to Udemy learning courses
- Enjoy the View: We have a beautiful office in NYC right on Madison Square Park, and local employees come into the office on a hybrid schedule, three days a week (M, W, Th). Office perks include catered lunches, a stocked kitchen with beverages and snacks, and monthly social hours
- Join a Community: Work with a fun, inclusive, and smart team of people as we build a New York City based enterprise software company

For additional information about all of our benefit offerings, check out our Careers page.

Learn from your future colleagues:
Learn more about the next chapter for us, our customers and the future of customer experience here. To find out more about our people and Life At AIQ, be sure to visit our Medium Tech and Life blogs.

ActionIQ is committed to building an inclusive, equitable, and diverse organization. We embrace equal opportunities for all applicants and want to foster a culture of belonging for our employees. We recognize and appreciate that the more inclusive we are, the better we will function as a team. AIQ welcomes applicants of any race, color, ancestry, religion, sex, national origin, gender identity, gender expression, age, marital or family status, disability, military veteran status, and any other status or background.