Grc Analyst

**Who we are**:
BigID is an innovative tech startup that focuses on solutions for data security, compliance, privacy, and AI data management. We're leading the market in all things data: helping our customers reduce risk, drive business innovation, achieve compliance, build customer trust, make better decisions, and get more value from their data.

We are building a global team passionate about innovation and next-gen technology. BigID has been recognized for:

- BigID Named Hot Company in Artificial Intelligence and Machine Learning at the 2024 Global InfoSec Awards
- Citizens JMP Cyber 66 List of Hottest Privately Held Cybersecurity Companies
- CRN 100 list named BIgID as one of the 20 Coolest Identity Access Management And Data Protection Companies Of 2024 (2 years running)
- DUNS 100 Best Tech Companies to Work For in 2024
- Top 3 Big Data and AI Vendors to Watch' in the 2023 BigDATAwire Readers and Editors Choice Awards
- 2024 Inc. 5000 list for the 4th consecutive year
- Shortlisted for the 2024 AI Awards in the category of Best Use of AI in Cybersecurity

At BigID, our team is the foundation of our success. Join a people-centric culture that is fast-paced and rewarding: you'll have the opportunity to work with some of the most talented people in the industry who value innovation, diversity, integrity, and collaboration.

**Who we seek**:
At BigID, we believe in building a high-performing and inclusive culture where innovation, integrity, and teamwork thrive. Join a passionate team of data experts and industry leaders, and contribute to solving some of the most critical challenges in data privacy and security today.

As a Security GRC Analyst at BigID, you will be a key player in safeguarding our mission-critical platform. You'll contribute significantly to our security posture by:

- **Driving key risk management initiatives**: You'll actively participate in security and privacy risk assessments.
- **Maintaining compliance excellence**: You'll ensure adherence to relevant security standards and regulations (e.g., SOC 2, ISO 27001, GDPR).
- **Fostering strong cross-functional collaboration**: You'll work closely with engineering, legal, and operations teams to implement and maintain effective security controls.

In this role, you will report directly to the Security Compliance Lead.

**What you'll do**:

- Help maintain and improve security compliance and risk management documentation including policies, standards, and processes.
- Help manage compliance programs for key certifications such as ISO 27001, SOC 2, HIPAA, PCI, and support external audits to maintain security certifications.
- Collaborate on building and managing security and privacy risk management programs.
- Support the use and optimization of Governance, Risk & Compliance (GRC) tools such as Anecdotes, Confluence, and Jira to drive effective security governance.
- Assist in enforcing security policies and procedures based on industry standards, ensuring compliance across teams.
- Assess and manage third-party risk for new and existing vendors to ensure their compliance with BigID's security standards.
- Assist in responding to customer security questionnaires, ensuring clarity and confidence in our security posture.
- Work closely with various teams (engineering, legal, operations) to ensure understanding of control activities, provide training, and share security best practices across the organization.
- Contribute to the development and continuous improvement of disaster recovery and business continuity plans.
- Help track and report on metrics and KPIs to measure the effectiveness of security and risk management programs.

**What you'll bring**:

- Bachelor's Degree in a relevant field or an equivalent combination of education, work experience, and professional certifications.
- 3+ years of experience in a security audit, governance, or risk management role within the tech sector.
- Experience with Confluence, Jira, and GRC tools like Anecdotes.
- In-depth knowledge of AWS security best practices and services (e.g., AWS Certified Security Specialty).
- Familiarity with managing compliance for standards such as ISO 27001, SOC 2, HIPAA, PCI, and experience in supporting external audits.
- Knowledge of regulatory frameworks like GDPR, CCPA, or other regional standards.
- Proven ability to lead and manage projects, with strong organizational, analytical, and problem-solving skills.
- Strong interpersonal skills with the ability to communicate effectively across teams and levels, driving alignment on security strategies.
- Ability to thrive in a fast-paced, dynamic environment while delivering results and meeting deadlines.
- Experience working in a global environment, understanding diverse regulatory and security requirements.

**Our Values**:

- We look for people who embody our values - Care, Do,Try & Shine._
- _Care - We care about our customers and each other_
- _Do - We do what it takes to make a positive impact_
- _Try - We try o