
Information Security Analyst - GRC

Premise

IT
Washington, DC, USA
Posted on Sep 6, 2023

We all know every decision should be driven by data. But what about the data you don’t know? For years, the status quo in data aggregation has lacked visibility, moved slowly, and cost too much…leaving organizations to make critical decisions, day after day, without the whole picture. Premise changes that.

Across 138 countries and counting, our technology connects communities of global smartphone users to source actionable data in real-time, cost-effectively and with the visibility the world’s most innovative companies, governments and development organizations need.

With Premise, organizations win. And communities win, too. People can earn more from their opinions and discoveries. They can influence their cities for the better. And, unlike other data sourcing methods out there, they can do it all with full transparency that the data they’re gathering is going to an organization that values it…and values them.

Position Summary

Premise is growing, and we are looking to add expertise to our Information Security program. We are hiring an Information Security Governance, Risk, and Compliance (GRC) Analyst. You will help grow and mature our security program. As an InfoSec GRC Analyst, you will ensure our policies are up to date, our program meets compliance and privacy requirements, and we are on track to a more secure environment. You will get to work with different teams at a tech startup as you help strengthen security controls in our infrastructure, tools, technologies, product, and processes. This is a collaborative role where you will work with different IT, Infrastructure, Engineering, Sales, and Administrative teams.


This is an onsite position based out of our Washington, DC office.

What You Will Do

  • Write, develop, standardize, and share Information Security policies and standards
  • Track and manage security compliance efforts like SOC 2 Type 2 and CMMC
  • Align Premise’s Information Security program to best practices (e.g., NIST CSF) and identify security initiatives for Premise
  • Support certification, privacy, and regulatory processes to help track key requirements and manage security compliance goals (SOC 2, CMMC, GDPR, CCPA/CPRA, etc.)
  • Collaborate with technical resources in Engineering, Infrastructure, IT, and Information Security to mitigate open security risks
  • Identify, maintain, and communicate security risks in the risk register, and support cyber risk management efforts
  • Support sales and legal teams by responding to security inquiries and questionnaires, and ensuring customers’ cyber-related questions are addressed
  • Track and manage security efforts like vendor security audits/reviews, access review support, security awareness training, vulnerability management, and more
  • Recommend technical and programmatic security improvements, conduct security gap assessments, and work with third parties like pen testers and auditors to address gaps and findings
  • Provide support on technology and security initiatives by gathering requirements, tracking progress, and documenting issues/risks, deliverables, and milestones

What You Bring Along

  • Bachelor’s/Master’s degree in a technical field or equivalent work experience
  • 2+ years of experience working in Information Security or a related field
  • Ability to write, review, and standardize technical documentation, policies/standards, and assessments/questionnaires
  • Strong verbal and written communication skills
  • Effective at collaborating with cross-functional teams with competing needs and priorities
  • Excellent problem-solving and organizational skills
  • Experience in cybersecurity frameworks: NIST, ISO27001, or others
  • Proficient in collaborative office tools (Microsoft Word, Excel, PowerPoint; Google Docs, Sheets, Slides), with the ability to write well and to document and organize ideas, concepts, and plans concisely
  • Basic understanding of technology and information security topics such as, but not limited to, access management/control, asset management, endpoint security, network management/security, IaaS/PaaS/SaaS security, cloud security, data protection, security awareness, governance, risk, and compliance

Extras

  • Compliance, regulatory, and privacy expertise
  • Risk management expertise
  • Experience in GRC tools
  • Experience in audits, certifications, and privacy: SOC 2, CMMC, FedRAMP, GDPR, CCPA/CPRA
  • Experience demonstrating leadership; ability to influence, set priorities, inspire, and show accountability
  • Experience partnering closely with engineers, operations, sales, marketing, legal, and different teams
  • Interest in supporting and being hands-on with technical security concepts

What You Get

  • Competitive compensation and 401k plans
  • Comprehensive medical/dental/vision coverage for you and your family
  • Access to Health Savings Accounts and Flexible Savings Accounts
  • Unlimited time off + paid holidays
  • Opportunities for equity shares
  • Dependent-care Flexible Spending Accounts, plus fertility support and coverage of $15,000
  • Commuter transit and parking subsidies
  • Daily lunch and snacks on-site