Security GRC Analyst

At Sisense, we are on a mission to empower modern data teams to deliver insights to everyone inside and outside their organizations. We bring "power to the builders" by enabling our customers to answer complex questions with data and drive the best business outcomes possible.
As a Security GRC Analyst at Sisense, you are pivotal in enhancing and maintaining the security posture of our operations. This role encompasses a wide range of responsibilities, including the management of security questionnaires, conducting supply chain security risk assessments, and meticulous oversight of security policy and compliance frameworks. The ideal candidate will possess strong expertise in information security, audit, demonstrate excellent analytical and problem-solving skills, and have a proactive approach.
WHAT YOU'LL DO
Management of Security Operations

• • Oversee and prioritize the queue of security inquiries from customers, ensuring accurate and timely responses.
  • Utilize and refine a comprehensive response document to efficiently address common queries and collaborate with various business units for complex questions.
  • Serve as the primary point of contact for customers and internal teams such as Customer Success Managers (CSMs) to resolve any related inquiries or issues

Third-Party (Partner) Risk Management

• • Proactively scrutinize SOC2 and other relevant compliance reports from suppliers.
  • Conduct detailed security risk assessments of partners/suppliers, managing escalations when risk levels exceed thresholds.
  • Continuously monitor critical suppliers' security postures using third-party assessment services and manage the associated portal.
  • Engage with third-party support teams to enhance processes and troubleshoot issues.

Security Policy and Compliance Management

• • Conduct regular assessments to evaluate compliance with regulatory standards and contractual requirements. Coordinate with internal stakeholders and external auditors to facilitate compliance audits and assessments.
  • Oversee and manage the lifecycle of security policy updates, ensuring policies are reviewed, re-approved, and updated according to compliance requirements and internal timelines.
  • Coordinate with external audit teams to prepare for and facilitate annual audits, including scheduling, evidence gathering, and ensuring smooth execution of audit processes.
  • Maintain proactive oversight of the audit and compliance schedules, escalating issues as needed and ensuring all deadlines are met to maintain certifications and comply with audit standards.

Security Training Program Oversight

• • Oversee the company's security training program, including communication with employees regarding required security training sessions.
  • Coordinate ongoing security training activities, ensuring all employees are up-to-date with the latest security practices and compliance requirements.
  • Manage related metrics and reporting to assess the effectiveness of the training program and make adjustments as needed.

WHAT YOU'VE ACCOMPLISHED... SO FAR:

• Minimum 2 years of experience in information security, particularly in GRC (Governance, Risk, and Compliance) operations.
• Bachelor's degree in technology related field and/or certification in information security, compliance or audit (e.g. CGRC, CISA, CRISK)
• Thorough understanding of SOC2 compliance and ISO 27001 Information Security Management Systems (ISMS) frameworks.
• Experience working with external audit teams, conducting compliance assessments, managing evidence requests and audits.
• Knowledge of third-party risk management principles and practices.
• Strong communication and interpersonal skills, ability to collaborate with others and listening skills.
• Ability to identify, classify, score, report and manage information security risks.
• Demonstrated ability to manage complex security engagements and initiatives.

About Sisense:
Sisense stands as a beacon of light in the embedded analytics landscape, recognized globally for pioneering solutions that infuse intelligence into every facet of business. As we continue on our journey and explore the vast opportunities of the API economy, we're positioning ourselves for unprecedented growth.
Our vision is bold and transformative: a future where analytics and insights underpin every decision, every process, and every interaction. Our team, an amalgamation of diverse perspectives and unique skills, is our secret weapon. At Sisense, we foster a culture of innovation, collaboration, and inclusivity, powering our relentless drive to redefine what's possible in the world of analytics.
Join us in this ambitious journey. This position offers more than a job; it's a chance to reshape the industry, redefine the future of analytics, and be a part of a team that's pushing boundaries. Let's shape the future of analytics together.

For roles in the US, Applicants must be authorized to work in the US as we are unable to provide employer sponsorship at this time.
: The base pay range for candidates located in Colorado is $85,000- $ 110,000 (/yr). The salary of the finalist selected for this role will be based on a variety of factors, including but not limited to market location, internal equity, job-related knowledge, experience and training, education, skill sets, and other business and organizational needs. A bonus, equity, commissions, and restricted stock units may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, depending on the position offered. This position may be considered a promotional opportunity. The disclosed salary range represents an estimate of the base compensation for candidates who can or will be located in Colorado. This range may vary with respect to candidates whose primary work location is outside those jurisdictions.
: The base pay range for candidates located in New York City and California is $85,000-$ 110,000(/yr). The salary of the finalist selected for this role will be based on a variety of factors, including but not limited to market location, internal equity, job-related knowledge, experience and training, education, skill sets, and other business and organizational needs.The disclosed salary range represents an estimate of the base compensation for candidates who can or will be located in New York City or California. This range may vary with respect to candidates whose primary work location is outside those jurisdictions.