Governance, Risk, and Compliance (GRC) Analyst
About KandjiKandji is the Apple Device Management and Security Platform. Kandji empowers companies to manage and secure Apple devices in the enterprise and at scale. By centrally securing and managing Mac, iPhone, iPad, and Apple TV devices, IT and InfoSec teams can save countless hours of manual, repetitive work with features like one-click compliance templates and more than 150 pre-built automations, apps, and workflows. Device Harmony is our vision for tearing down the wall between IT and InfoSec to keep every Apple user secure and productive, using connected intelligence and automation. By choosing a career with Kandji, you will play an integral role in contributing to making our vision a reality. Backed by world-class investors such as Tiger Global, Greycroft, B Capital Group, Okta Ventures, the Spruce House Partnership, and First Round Capital, Kandji has raised over $100+M in capital to date.Trusted by industry leaders, Kandji’s rapidly growing customer base includes companies like Ramp, Notion, Attentive, Netskope, Noom, Turo, Groupon, VoxMedia, and more. Recognized for its award-winning products, Kandji was recently named the #1 fastest-growing app in Okta’s 2023 Businesses at Work Report and a G2 Best Software 2023 Award Winner for Fastest Growing Products! The OpportunityKandji is looking for a Governance Risk and Compliance (GRC) Analyst to add to our growing security team. This opportunity provides the ability to work with various teams to evaluate controls, perform control testing to improve the efficiency and effectiveness of the internal control programs. You will facilitate risk assessments and control reviews to accommodate new business areas as well as changes in processes. The GRC Analyst will report to the VP, Security and Trust and work collaboratively with other departments.
How You Will Make A Difference
- In support of multiple frameworks (e.g. ISO27001, SOC2) plan, design and execute controls testing, controls assessment and risk management across all domains for IT General Controls and other GRC requirements, as appropriate
- Conduct risk assessments against products, features, datasets, applications, and Third Party Risk Management (TPRM)
- Partner to evaluate the design and effectiveness of the technical and operational control environment
- Execute compliance programs that facilitate growth and maturity of controls across Kandji
- Provide direction and guidance in pre-implementation reviews of new systems and services to ensure proper controls are implemented and executed to meet compliance
- Validate information security key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet GRC standards where applicable
- Be a trusted advisor for in scope internal and external audits to expedite reviews and mitigate operational impacts
- Execute strategies for ensuring organizational compliance with SOC2, GDPR, Data Privacy, federal, state, and local government compliance, or similar regulations.
- Assist with the preparation of reports and presentations for management and regulatory agencies.
- Assist in the development and implementation of compliance training and awareness programs.
We'd Love To Hear From You If you have
- Three (3) years or more of relevant experience in risk-based technology compliance management programs, or Auditing experience
- Experience in performing risk-based testing for control compliance, including the identification, assessment, and mitigation of compliance issues: understanding how to balance the company's risk appetite to compliance needs/requirements
- Detailed knowledge and experience with technology controls across a variety of industry frameworks and how to assess controls supporting compliance for SOC2, FedRamp, CMMC, ISO 27001, and Privacy.
- Detailed knowledge of information security, technology compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO-27001/2, SANS, and/or Cobit
- Experience developing dynamic approaches to the implementation of a technology compliance program utilizing a variety of testing methods, both manual and automated, to provide qualitative and quantitative results where applicable
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication skills.
- Ability to manage multiple priorities and deadlines.
- Required to work on-site 3 days a week (Tuesday, Wednesday, Thursday). Managers may require additional on-site days.
Nice To Haves
- Experience and familiarity with cloud data security and working with public cloud solutions (AWS)
- Experience working with a Governance Risk and Compliance technologies
- Certifications such as CISA, CRISC, CISSP
Competencies
- Values Differences
- Communicates Effectively
- Instills Trust
- Action Oriented
- Always Learning
- Execution
- Planning & Time Management