Staff Security GRC Analyst

Location: 

Remote roles in the US are available in all states EXCEPT Hawaii, Alaska, Montana, or any US Territories.  Very strong preference for candidates located in the Dallas, TX area.

What You’ll Need

• Minimum of 12 years of experience in security risk management, vendor risk assessment, or related field.
• 4 years experience within a Management consulting firm, ideally from a Big 4 consulting firm.
• Experience in analyzing, assessing risk and drawing insights from available data sources (financial, operational and qualitative) and collaborating to drive issue resolution in partnership with key stakeholders.
• Proficiency in orchestrating security risk assessments at macro and micro levels.
• Ability to develop and communicate risk mitigation strategies effectively to technical and non technical audiences In-depth knowledge of regulatory requirements and industry best practices.
• Proven ability to facilitate effective collaboration between technical and non technicals teams/stakeholders
• Experience with cloud engineering practices.
• Experience in problem-solving within fast-paced and constantly changing environments.

About the Role

• As a Staff Security GRC Analyst, you will be responsible for identifying, assessing, and prioritizing security risks across large areas of the business including Engineering and Security organizations. You will play a crucial role in orchestrating security risk assessments at both macro and micro levels, developing effective risk mitigation strategies, and communicating these risks to stakeholders and decision-makers. Your proficiency in regulatory requirements, industry best practices, and risk management within a governance framework will be essential in ensuring the security posture of our organization. Moreover, your strong analytical skills and effective communication abilities will facilitate collaboration between IT, Engineering, People, Legal, and other stakeholders to address security risks effectively.

What You’ll Do

• Own end to end security risk management methodology to enhance the organization's security posture, including root cause analysis, stakeholder management, and leadership communication on findings and resolution.
• Identify, assess, and prioritize security risks across different areas of the Security and Engineering organization.
• Orchestrate security risk assessments at both macro and micro levels.
• Develop and communicate risk assessment and treatment strategies to stakeholders and decision-makers using broad industry expertise.
• Stay updated on regulatory requirements and industry best practices to ensure compliance and alignment with standards.
• Own successful collaboration between IT, Engineering, People, Legal, and other stakeholders to address security risks effectively.
• Advise security leadership and key stakeholders on the impact of the risk signals ingested by the system.
• Develop, document, and operate a security risk management program, complementary to Opendoor that accounts for risk quantification, standards (e.g., NIST CSF) based capability maturity, effectiveness, measurement and monitoring of controls effectiveness and broader risk signals.
• Support reporting with risk insights into, and evidence of, emerging information security risks.
• Design, establishment, and tracking of KPIs and KRIs against risk appetite statements.
• Provide consideration, and guidance on regulatory matters and mitigate against uncertainty.
• Establish a system of key risk indicators for Opendoor to evaluate aggregate current information security risk at a glance for executive review and decision making.
• Facilitating effective risk domain management and evaluating risk domain governance controls for Opendoor.

Bonus points if you have

• Relevant certifications such as Certified Risk and Information Systems Control (CRISC) , or Certified Information Security Manager (CISM) are preferred.

Compensation: 

Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. Base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The U.S. pay range for this position is $144,000-$203,000 annually. Pay within this range varies by work location and may also depend on your qualifications, job-related knowledge, skills, and experience. Your recruiter can share more about the specific salary range for the job location during the hiring process. We also offer a comprehensive package of benefits including paid time off, 12 paid holidays per year, medical/dental/vision insurance, basic life insurance, and 401(k) to eligible employees.

#LI-Remote
#LI-JH1