Security Governance, Risk and Compliance Analyst

3 Months ago • 5 Years +

Job Summary

Job Description

As the Senior GRC Analyst at Aera, you will be responsible for the Governance and Compliance program, ensuring alignment with security needs of customers. You will collaborate with IT, HR, SRE, Engineering, and the security team, reporting to the CSO and executive staff. Responsibilities include reviewing the security program, ensuring compliance with SOC 2 and ISO 27001, completing customer due diligence, reviewing HR compliance, assisting with Privacy compliance (GDPR), ensuring change management compliance, working with third-party auditors, reviewing infrastructure reports, identifying control deficiencies, managing GRC projects, promoting risk and security awareness, and developing a risk reporting framework. This role requires staying current with industry trends in cybersecurity, privacy, and risk.

Must have:

5+ years experience in risk management, information security, or privacy.
Experience in Governance, Enterprise Risk Management and Regulatory Compliance
Understanding of risk assessment methodologies, frameworks, and procedures.
Facilitates IT governance implementation
Experience building network of relationships across functions and to liaise with senior management
Ability to think strategically about security risks and tie those to tactical organizational activities
Open to learning and working on new domains and technology
Experience with risk assessments and compliance of major regulatory initiatives (e.g. HIPAA, ISO, PCI, SOX, FEDRAMP, SSAE18, GDPR)

Perks:

Stock Options: We believe every Aera team member should have a stake in our future success
Medical: A medical subscription to one of the main private healthcare clinic networks (Regina Maria)
Employee Referral Program: Earn cash when your referrals get hired!
Paid Time Off: Benefit from the beginning of 25 annual leave days;
Snacks: When you’re working from the office, you’ll have access to our fully stocked kitchen with a selection of snacks and beverages
Events and Extras: We work hard and get things done, but we also value the importance of having fun: office outings; birthday celebrations; holiday parties; weekly in-office lunches, and more
Work Schedule: We’re open to a hybrid work model, and can offer a flexible daily schedule depending on your role

6 skills required

6 skills required for this role

Add these skills to join the top 1% applicants for this job

innovation

risk-assessment

risk-management

hr-compliance

talent-acquisition

team-management

Job Details

Aera Technology is a pioneer in the growing category of Decision Intelligence – the technology to digitize, augment, and automate decision-making processes with AI and machine learning. Through our AI decision automation platform, Aera Decision Cloud™, we are helping the best-known brands in the world make smarter, faster decisions.

Privately-held and VC-funded, we have a global team of over 400 Aeranauts – and we’re growing. We deliver Decision Intelligence innovation and services that enable enterprises to automate and scale decision making with accuracy and speed. We continue to be the trusted choice of market leaders for our proven ability to generate value and unlock opportunities that were previously unattainable.

As the Senior GRC Analyst at Aera you will be responsible for our Governance and Compliance program. We are a fast-paced Global company with a changing infrastructure as well as global customers who require top standards of security. Our security program at Aera is an established and certified program that keeps our business needs aligned with the security needs of our customers. You will be working closely with IT, HR, SRE, Engineering, and other members of the security team. Your reports and recommendations will be used by the CSO and executive staff to make critical decisions about the security of our business and our customers.

Responsibilities

Review the overall health and performance of the Security program and governance at Aera including reporting on risk assessment across the company.
Ensure compliance with SOC 2 and ISO 27001 standards are met and new changes and standards are incorporated into the governance policies and procedures at Aera.
Complete customer due diligence including contract reviews and security questionnaires
Review HR compliance standards including training, onboarding and offboarding procedures are complete and accurate.
Assist with Privacy compliance requirements like the GDPR and ensure our security controls meet the various privacy requirements.
Work closely with leaders in IT and Operations functional areas to ensure change management processes meet compliance requirements.
Work with third party auditors and guide internal audits against regulatory frameworks (SSAE 18 SOC 2 type 2, HIPAA, GDPR, ISO 27001)
Review infrastructure reports from both IT and cloud assets meet our standards.
Identify and Report Control deficiencies, raise the appropriate risks and work with stakeholders to create remediation plans
Manage projects that relate to governance, risk, and compliance initiatives
Be part of a team that promotes risk and security awareness and training programs
Develop and implement a risk reporting framework for management teams and governance committees
Willingness to learn and stay current with industry trends relating to cyber security, privacy and risk

About You

Bachelor’s Degree or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems or related curriculum
5+ years demonstrated experience in risk management, information security, privacy or a data protection or assurance-related function
Technical and Functional experience in domain of Governance, Enterprise Risk Management and Regulatory Compliance
Proven understanding of risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations
Facilitates IT governance implementation
Experience building network of relationships across functions and to liaise with senior management
Ability to think strategically about security risks and tie those to tactical organizational activities
Open to learning and working on new domains and technology
Ability to manage all aspects of large-scale projects to bring about organizational change
Experience with risk assessments and compliance of major regulatory initiatives (e.g. HIPAA, ISO, PCI, SOX, FEDRAMP, SSAE18, GDPR)

Perks and Benefits

Stock Options: We believe every Aera team member should have a stake in our future success
Medical: A medical subscription to one of the main private healthcare clinic networks (Regina Maria)
Employee Referral Program: Earn cash when your referrals get hired!
Paid Time Off: Benefit from the beginning of 25 annual leave days;
Snacks: When you’re working from the office, you’ll have access to our fully stocked kitchen with a selection of snacks and beverages
Events and Extras: We work hard and get things done, but we also value the importance of having fun: office outings; birthday celebrations; holiday parties; weekly in-office lunches, and more
Work Schedule: We’re open to a hybrid work model, and can offer a flexible daily schedule depending on your role
Note: We’re continuously re-evaluating these to offer the best for our Aeranauts, so these are subject to change for the better

If you share our passion for building a sustainable, intelligent, and efficient world, you’re in the right place. Established in 2017 and headquartered in Mountain View, California, we're a series D start-up, with teams in Mountain View, San Francisco (California), Bucharest and Cluj-Napoca (Romania), Paris (France), Munich (Germany), London (UK), Pune (India), and Sydney (Australia). So join us, and let’s build this!

Aera Technology is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Pursuant to the San Francisco Fair Chance Ordinance, Aera Technology will consider for employment qualified applicants with arrest and conviction records.

Aera Technology respects the privacy of your data. Please take the time to read our European GDPR privacy candidate notice available here