Senior GRC Analyst

1 Day ago • 7 Years + • $200,000 PA - $225,000 PA

Job Summary

Job Description

The Senior GRC Analyst role at Postman involves leading and coordinating risk and compliance projects, including SOC2, ISO 27XXX, HITRUST, and FedRAMP. This role contributes to the development and improvement of the company's risk program, compliance initiatives, and overall security risk posture. The analyst will lead critical control activities, quantify risks, evaluate mitigations, and drive action to reduce risk. They will streamline compliance audit activities, establish and contribute to risk and compliance activities with continuous controls monitoring, and mentor team members and stakeholders. This role requires experience with multiple technologies, compliance requirements, and risk management methodologies.
Must have:
  • 7+ years of experience in cybersecurity GRC
  • Experience with compliance programs like SOC2
  • Knowledge of information security and audits
  • Experience with risk management programs
Good to have:
  • Certifications such as CISSP, CRISC, CISA, or CISM
Perks:
  • Full medical coverage
  • Flexible PTO
  • Wellness reimbursement
  • Monthly lunch stipend
  • Creche allowance
  • Team-building events
  • Donation-matching program

Job Details

Who Are We?

Postman is the world’s leading API platform, used by more than 40 million developers and 500,000 organizations, including 98% of the Fortune 500. Postman is helping developers and professionals across the globe build the API-first world by simplifying each step of the API lifecycle and streamlining collaboration—enabling users to create better APIs, faster.

The company is headquartered in San Francisco and has an office in Bangalore, where it was founded. Postman is privately held, with funding from Battery Ventures, BOND, Coatue, CRV, Insight Partners, and Nexus Venture Partners. Learn more at postman.com or connect with Postman on X via @getpostman.

P.S: We highly recommend reading The "API-First World" graphic novel to understand the bigger picture and our vision at Postman.

The Opportunity

The Senior GRC Analyst role will be part of the Security GRC team at Postman.  The Security GRC team is responsible for the overall security posture of Postman by ensuring compliance with applicable regulations and contractual obligations and maintaining effective and efficient governance, risk, and compliance programs.  In addition, the Security GRC team is directly involved with supporting and enabling Sales and driving security and compliance initiatives to further the growth of Postman.

We seek a Senior GRC Analyst with extensive experience implementing, managing, and maturing compliance programs, including but not limited to SOC 2, ISO 27xxx, HIPAA, GDPR, CCPA, and FedRAMP.  This role must possess a significant level of technical knowledge that allows for clear communication with engineering stakeholders and the ability to provide actionable guidance and recommendations on processes (e.g. translate risk language to engineering requirements).

As a senior member of the Security GRC team, this role will be instrumental in guiding the strategy of the GRC program in partnership with senior management. In addition to technical acumen, the role requires an individual who is results-oriented and pragmatic and demonstrates effective problem-solving and communication skills. The Senior GRC Analyst often serves as a subject matter expert for colleagues and line-of-business managers, and experience with multiple technologies, compliance requirements and risk management methodologies is crucial.

What you’ll do

  • Lead and coordinate high-visibility projects for our risk & compliance roadmap, including SOC2, ISO 27XXX, HITRUST, and FedRAMP.
  • Contribute to the development, management, and ongoing improvement of the company risk program, compliance initiatives, and overall security risk posture.
  • Lead the development and maturity of critical risk domains such as third party risk management and business resilience.
  • Lead critical control activities with stakeholders across the business, quantifying risks, evaluating mitigations, and driving action to measurably reduce risk.
  • Lead, participate, and innovate on processes to streamline compliance audit activities with external auditors and internal control owners to ensure successful completion of audit requirements with minimal toil.
  • Establish and contribute to risk and compliance activities with an eye toward continuous controls monitoring automation.
  • Act as a mentor, advisor, and escalation point for team members and stakeholders.

About You

  • 7+ years of hands-on experience in cybersecurity governance, risk, and compliance, preferably within fast-paced technology companies.
  • Bachelor’s degree in computer science, information security/cybersecurity, or related field or relevant work experience.
  • Relevant certifications such as CISSP, CRISC, CISA, or CISM a plus.
  • Knowledge of and experience implementing, managing, and maturing GRC programs with a bias to action, including the ability to design effective but pragmatic solutions that balance short-term and long-term goals.
  • Proficient technical knowledge and familiarity with management information systems, cybersecurity, audits and internal controls.
  • Experience working with engineering and non-engineering stakeholders to drive successful risk activities.
  • Experience with establishing and maturing third party risk management programs, with a proven ability to balance third party risk with business need.
  • Experience identifying gaps, and creating and tracking corrective action and mitigation plans to closure at scale.
  • Self-motivated and well-organized to accomplish goals and tasks completely and on time.
  • Experience successfully driving risk & compliance programs in globally distributed organizations.

The reasonably estimated base salary for this role ranges from $200,000 to $225,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience.

What Else?

In addition to Postman's pay-on-performance philosophy, and a flexible schedule working with a fun, collaborative team, Postman offers a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Along with that, our wellness programs will help you stay at your best physically and mentally. If you have little ones in your family, the creche allowance can help support your work-life balance. Our frequent and fascinating team-building events will keep you connected, while our donation-matching program can support the causes you care about. We're building a long-term company with an inclusive culture where everyone can be the best version of themselves.

At Postman, we embrace a hybrid work model. For all roles based out of the San Francisco Bay Area, Boston, Bangalore, Noida, Hyderabad, and New York, employees are expected to come into the office 3 days a week. We were thoughtful in our approach, which is based on balancing flexibility and collaboration and grounded in feedback from our workforce, leadership team, and peers. The benefits of our hybrid office model will be shared knowledge, brainstorming sessions, communication, and building trust in person that cannot be replicated via Zoom.

Our Values

At Postman, we create with the same curiosity that we see in our users. We value transparency and honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.

Equal opportunity

Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.
