Security GRC Analyst

3-5 Years • $138,000 PA - $178,000 PA
Cyber Security

Job Description

The Security GRC Analyst at Exabeam will be a key member of the Governance, Risk, and Compliance (GRC) team, responsible for leading and supporting cybersecurity compliance programs, third-party risk management, and governance initiatives. This role involves developing and maintaining policies aligned with frameworks like NIST, CMMC, and ISO 27001, managing risk registers, conducting vendor risk assessments, and responding to customer security inquiries. The analyst will collaborate cross-functionally and contribute to audit readiness and program maturity.
Good To Have:
  • Experience with risk management tools and GRC platforms.
  • Background supporting contract reviews and negotiations for security/privacy clauses.
  • Experience with policy development, training programs, and control implementation initiatives.
  • CISA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor certifications.
Must Have:
  • Lead the strategy, execution, and continuous improvement of the company’s compliance program.
  • Develop, update, and maintain cybersecurity policies, standards, and procedures.
  • Serve as a liaison to external consultants, auditors, and government partners.
  • Collaborate with Legal during the contract negotiation process.
  • Manage and respond to incoming GRC-related inquiries and support customer RFPs.
  • Manage the internal security risk register and perform formal risk assessments.
  • Conduct and oversee third-party/vendor risk assessments.
  • Complete customer security questionnaires.
  • Contribute to cross-functional GRC initiatives including security awareness training.
  • Support internal audits and external assessments, including SOC 2, ISO 27001.
  • Bachelor's degree in Information Security, Risk Management, Business, or a closely related field.
  • 3-5+ years of experience in Information Security, GRC, Risk Management, or Compliance.
  • Proven experience supporting compliance frameworks (e.g., NIST 800-171/53, CMMC, ISO 27001, SOC 2, FedRAMP).
  • Demonstrated experience leading or supporting compliance programs and internal/external audits.
  • Excellent problem-solving, analytical, and critical thinking skills.
  • Ability to collaborate across Legal, Security, Product, and Engineering teams.
  • Strong communication and documentation skills.
  • Self-motivated, well-organized, and capable of managing multiple workstreams with minimal oversight.
  • Familiarity with cloud platforms (AWS, Azure, GCP) and associated compliance implications.
  • Understanding of regulatory obligations: GDPR, CCPA, HIPAA, and other data protection laws.
Perks:
  • Extensive medical, dental and vision coverage.
  • Employer Health Savings Account contribution.
  • Generous 401(k) employer match.
  • Paid Time off including “take what you need” flex time.
  • Volunteer day of service.
  • Your birthday off.
  • Parental leave.
  • Holidays.
  • Widespread learning center for career planning and skill development.
  • A culture of passionate, diverse, committed professionals.


Description

About Exabeam

Exabeam is a global leader in intelligence-driven and automated cybersecurity solutions that power modern security operations. As a pioneer in threat detection, investigation, and response (TDIR), Exabeam helps organizations proactively manage and mitigate cyber risk. Learn more at www.exabeam.com.

Position Overview

The Security GRC Analyst is a key member of Exabeam’s Governance, Risk, and Compliance (GRC) team. This role is responsible for leading and supporting critical components of the company’s cybersecurity compliance programs, third-party risk management processes, and governance initiatives. The ideal candidate will have deep familiarity with regulatory and industry frameworks such as CMMC, NIST, and ISO 27001, and be comfortable working cross-functionally with Legal, Product, and Security stakeholders.

Key Responsibilities

  • Lead the strategy, execution, and continuous improvement of the company’s compliance program, including gap assessments, remediation plans, and policy documentation
  • Develop, update, and maintain cybersecurity policies, standards, and procedures in alignment with NIST, CMMC, and ISO 27001 frameworks
  • Serve as a liaison to external consultants, auditors, and government partners on matters related to CMMC, ISO 27001, and other compliance efforts
  • Collaborate with Legal during the contract negotiation process, including providing risk-based feedback and proposed alternatives for security/privacy-related terms
  • Manage and respond to incoming GRC-related inquiries and support customer RFPs and assurance documentation
  • Manage the internal security risk register and perform formal risk assessments using industry-standard methodologies
  • Conduct and oversee third-party/vendor risk assessments; collaborate with procurement and business owners to assess and mitigate vendor-related risks
  • Complete customer security questionnaires, showcasing Exabeam’s security posture and compliance with global data protection regulations (e.g., GDPR, CCPA, HIPAA)
  • Contribute to cross-functional GRC initiatives including security awareness training, internal control evaluations, audit readiness, and program maturity assessments
  • Support internal audits and external assessments, including SOC 2, ISO 27001 surveillance and certification audits

Qualifications

  • Bachelor's degree in Information Security, Risk Management, Business, or a closely related field required
  • 3-5+ years of experience in Information Security, GRC, Risk Management, or Compliance
  • Proven experience supporting compliance frameworks (e.g., NIST 800-171/53, CMMC, ISO 27001, SOC 2, FedRAMP)
  • Demonstrated experience leading or supporting compliance programs and internal/external audits
  • Excellent problem-solving, analytical, and critical thinking skills
  • Ability to collaborate across Legal, Security, Product, and Engineering teams in a fast-paced environment
  • Strong communication and documentation skills, with the ability to deliver clear and concise reporting to both technical and executive audiences
  • Self-motivated, well-organized, and capable of managing multiple workstreams with minimal oversight
  • Familiarity with cloud platforms (AWS, Azure, GCP) and associated compliance implications
  • Understanding of regulatory obligations: GDPR, CCPA, HIPAA, and other data protection laws

Preferred Skills

  • Experience with risk management tools and GRC platforms
  • Background supporting contract reviews and negotiations for security/privacy clauses
  • Experience with policy development, training programs, and control implementation initiatives
  • CISA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor certifications

Exabeam Total Rewards offers you (subject to applicable eligibility requirements):

  • Extensive medical, dental and vision coverage to meet your healthcare needs and employer Health Savings Account contribution to help pay for health expenses now or in the future
  • Generous 401(k) employer match to help you save for your future
  • Paid Time off including “take what you need” flex time, volunteer day of service, your birthday, parental leave, holidays and more
  • Widespread learning center for career planning and skill development to grow your career
  • A culture of passionate, diverse, committed professionals

The annual starting salary for this position is between $138,000 and $178,000, depending on experience and other qualifications of the successful candidate.

Bring your Whole Self to Work! Diversity, equity, and inclusion are at the core of who we are. At Exabeam, we know that diverse perspectives spark innovation, improve creativity, and position our team for success. Creating a culture where all are welcomed, valued, and empowered to achieve their full potential is important to who we are today and in the future. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors.

Exabeam is proud to be an equal opportunity employer. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, genetic information, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or Veteran status.

Exabeam and LogRhythm have merged. You can learn more about our cybersecurity powerhouse here.
