Senior Security Analyst, GRC

Posted 12 Days Ago
Remote
143K-153K Annually
5-7 Years Experience
Information Technology • Machine Learning • Security • Software • Cybersecurity
Exabeam delivers threat research and out-of-the-box content so that you can quickly defend against emerging cyberthreats
The Role
The Senior Security Analyst in the Governance, Risk and Compliance (GRC) group at Exabeam will be responsible for overseeing GRC and security awareness programs, ensuring compliance with regulations and certifications, developing and maintaining corporate policies and standards, managing risk inventory, and collaborating with other security team members on cross-functional projects. This role offers the opportunity to lead governance, risk, compliance, and security awareness programs for a fast-paced, innovative cybersecurity company.
Summary Generated by Built In

Description
Exabeam is a global cybersecurity leader that delivers AI-driven security operations. High-integrity data ingestion, powerful analytics, and workflow automation power the industry's most advanced self-managed and cloud-native security operations platform for threat detection, investigation, and response (TDIR). With a history of leadership in SIEM and UEBA, and a legacy rooted in AI, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline security operations. Learn more at www.exabeam.com.
The Senior Security Analyst in the Governance, Risk and Compliance (GRC) group will have overall responsibility for Exabeam's GRC and security awareness programs. You will be responsible for ensuring compliance with regulations and certifications such as the Global Data Protection Regulation (GDPR), TRUSTe, Privacy Shield, SOC2, ISO27001, HIPAA, PCI, CCPA, and FedRAMP. You will develop, maintain, and ensure compliance with corporate policies, standards, and procedures in alignment with ISO27001 and NIST security frameworks. You will be responsible for reviewing contracts and agreements in a security context to ensure we can meet the security needs of our customers. You will manage the risk inventory. You will work closely with other security team members in completing cross-functional projects.
This is an opportunity to own the governance, risk, compliance, and security awareness programs for a fast-paced, innovative, security product company.

Responsibilities

  • Establish and maintain Exabeam's governance, risk, compliance, and security awareness programs
  • Work with key stakeholders to ensure compliance with various regulations, such as the Global Data Protection Regulation (GDPR)
  • Maintain or develop Exabeam's various compliance certifications, such as TRUSTe, Privacy Shield, SOC2, ISO27001, FedRAMP, HIPAA, PCI, and CCPA
  • Develop and maintain corporate policies, standards, and procedures in alignment with ISO27001, NIST, and SOC2 frameworks and controls
  • Ensure business units are in compliance with all policies, standards, and procedures
  • Prioritize and drive remediation of security gaps across all departments
  • Monitor and report on the compliance and risk landscape of the company
  • Liaison for completion of third-party risk questionnaires, contracts, and management of our response database
  • Work closely with other team members in completing cross-functional projects and ensuring that other teams are accountable to governance, risk, and compliance regulations
  • Define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements
  • Create and manage the education and awareness programs: content, delivery, compliance, phishing and other testing, etc.
  • Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies
  • Participate in risk remediation efforts across business units
  • Manage vendors and third-party risk
  • Establish processes to review implementation of new technologies to ensure security compliance


Requirements:

  • 5+ years of experience in governance, risk management, and compliance roles in a SaaS environment using cloud technologies
  • Must have successfully completed a SOC2 Type 2 audit for a company providing SaaS on AWS, GCP, mobile and/or IoT solutions
  • Must have strong knowledge of regulatory requirements and industry standards (e.g., SOC2, ISO 27001, PCI, GDPR, IRAP)
  • Experience auditing and applying control processes to networks and applications
  • Knowledge of compliance regulations (GDPR, CCPA, etc.) and security frameworks (ISO27001, NIST, SOC2)
  • Experience developing corporate security policies, standards, and procedures
  • Experience with security and risk management
  • Ability to apply knowledge by reading and interpreting regulations to formulate real world controls
  • Understanding of cloud environments (GCP, AWS, Azure)
  • Strong teamwork and collaboration skills with the ability to work across multiple business units (Engineering, HR, Legal, etc.) with multiple stakeholders to drive remediation of security gaps
  • Strong facilitation and presentation skills and experience influencing and presenting at all levels, including senior business executives
  • Excellent written and verbal communication skills
  • Strong critical thinking/problem solving skills
  • Previous consulting, legal, and audit experience is a plus
  • Experience in vendor management is a plus
  • Understanding of solution delivery lifecycle and architecture is a plus
  • Industry-recognized certifications in security are a plus (CRISC, GRCP, CGEIT, ITIL, CISSP, CISM, CISA)


Exabeam Total Rewards offers you:
(Subject to applicable eligibility requirements)

  • Extensive medical, dental and vision coverage to meet your healthcare needs and employer Health Savings Account contribution to help pay for health expenses now or in the future
  • Generous 401(k) employer match to help you save for your future
  • Paid time off including "take what you need" flex time, volunteer day of service, your birthday, parental leave, holidays and more
  • Widespread learning center for career planning and skill development to grow your career
  • A culture of passionate, diverse, committed professionals


Salary: The annual starting salary for this position is between $143,000 and $153,000, depending on experience and other qualifications of the successful candidate.
Bring your Whole Self to Work!
Diversity, equity, and inclusion are at the core of who we are. At Exabeam, we know that diverse perspectives spark innovation, improve creativity, and position our team for success. Creating a culture where all are welcomed, valued, and empowered to achieve their full potential is important to who we are today and in the future. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors.
Exabeam is proud to be an equal opportunity employer. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, genetic information, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or Veteran status.
Exabeam and LogRhythm have merged. You can learn more about our cybersecurity powerhouse here.

The Company
Foster City, CA
550 Employees
Hybrid Workplace
Year Founded: 2003

Exabeam Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
Foster City, CA
