Governance, Risk and Compliance Analyst
Minneapolis, Minnesota
Product & Technology – Security /
Full-Time /
Hybrid
Siteimprove is growing and so is our Security function. We are on a journey to establishing a distributed architecture, scaling our world-class hybrid cloud, both vertically and horizontally, and want to strengthen the Security Governance, Risk, and Compliance (GRC) team with a GRC Analyst.
As a GRC Analyst at Siteimprove, you will be part of the central Security team, reporting directly to the GRC Team Lead NA. With day-to-day support from your manager and the other Security GRC team members, you will be working across all business units to support customer engagement, develop customer security reference materials and complete vendor security reviews.
What you will be doing
- Responding to requests from customers for information on our security measures
- Reviewing security clauses in customer and vendor contracts
- Supporting the business with customer engagements, including attending customer calls and
supporting our sales teams - Maintaining security customer question and answer database
- Coordinating responses to customers (monthly/quarterly updates) as required by contract
- Producing and maintaining customer security reference materials
- Completing vendor security reviews
- Coordinating audit responses and evidence with key stakeholders
- Providing, reviewing and enhancing security training and awareness programmes
- Maintaining elements of Siteimprove’s information security management system (ISMS),
including customer friendly security overviews - Supporting maintaining and obtaining of certifications such as ISO 27001, FedRAMP etc.
- Producing internal security reports including gathering key statistics
- Performing other related duties as assigned
What we require of you
- Fluent in English, both verbally and written
- Proficient in using Microsoft core products, such as Word and PowerPoint
- Understanding of information security principles such as CIA, need to know and least privilege
- Awareness of the legal and regulatory security requirements
- Flexible and collaborative approach to enabling and supporting the business
- Stakeholder and relationship management skills
What we will love about you
- Degree, apprenticeship or equivalent
- Knowledge of cyber security frameworks such as ISO2700 and NIST
- You thrive working in a fast-moving, agile environment with both technical and non-technical stakeholders
- Hands-on, pragmatic and with an eye for detail
- Desire and drive to make a difference in our security culture
In addition, we hope you will appreciate:
- Rest and relaxation: Open Paid Time Off (OPTO) program for vacation, personal illness, mental health, or to care for a family member, 11 paid holidays, and two Give Back Days
- Comprehensive benefits: National medical plan, dental, vision, paid maternity leave, paid paternity leave, HSA, Flex, employer-sponsored short-term, long-term disability, discounts to volunteer plans to meet your family needs, and more!
- Prepare for the future: 401(k) with a company match to provide a better future in your retirement years.
$43,198 - $53,998 a year
The pay for the successful candidate will depend on various factors, including work location, relevant knowledge, skills, qualifications, and experience.
Siteimprove is an equal opportunity employer
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.
Siteimprove is a global corporation that has developed data practices to ensure your personally identifiable information is appropriately protected. Please note that personal information may be transferred, accessed, and stored globally as necessary for the uses and disclosures stated in accordance with our Privacy Policy at https://siteimprove.com/en/privacy/.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
