Senior Governance, Risk, and Compliance (GRC) Analyst

Founded in 2018 in Dublin by experienced security leaders, Tines is a no-code platform designed to automate any manual task, regardless of complexity. By automating workflows, security and IT teams can reduce monotonous, manual work and free up valuable time and resources.

Tines directly connects with your existing tools, giving anyone on your team the power to streamline their work without the need for apps, plugins, or custom code. Tines is creating a brand new category of transformative and innovative enterprise software, backed by industry-leading investors and trusted security teams.

We’re excited about what we’re doing and what’s to come, and we’re looking for others who can lead by our values of Simplicity, Speed, and Soundness. Because Tines is about delivering exceptional customer experiences, while creating a company culture that nurtures individual curiosity, growth, and integrity.

We're hiring our first Senior Governance, Risk, and Compliance (GRC) Analyst to join the Tines team and help drive our compliance function. This position will report to the Head of IT Operations & Information Security. We’re already SOC2 Compliant, but you’ll help us maintain our certification and assess others as we scale and grow. You’ll be responsible for performing our internal assessments and working with external auditors. This role will facilitate customer due diligence questionnaires and maintain our own internal vendor audit function. You’ll also have a suite of tools and processes currently in place to help you automate all of this to scale.

Location: This is a remote role that can be based anywhere in Ireland. 

What you will be doing:

• Evaluate vendors for risk and determine if their controls and standards are sufficient before acquisition.
• Develop partnerships with business partners and other stakeholders to ensure security policy and procedures are effective.
• Plan and manage our internal and external audits, collect and review evidence, deliver evidence to auditors, etc. 
• Perform on-going risk analysis for systems, processes, third-party tools/applications and configurations.
• Maintain knowledge of certifications and controls such as SOC 2, ISO 27001 / ISO 27018, NIST 800-53, and FedRAMP.
• Assist in developing a risk and compliance control framework based on industry-leading standards.
• Maintain and update our policies following industry best practice.
• Respond to customer inquiries, questionnaires, and audits as part of their due diligence process.
• Maintain our Tines Security Pack with the most relevant and up to date documentation to establish and maintain customer trust.
• Advise internal teams in meeting organizational & compliance requirements.
• Collaborate with our legal team on privacy initiatives or inquiries.
• Assess vendors and tools to scale and improve the organizational compliance function.

What you bring with you:

• At least 5 years relevant GRC industry experience
• Your background has a blend of working in IT external/internal audits and compliance 
• You’ve a track record performing vendor due diligence
• You’ve got solid exposure to infosec, privacy and software development practices 
• You’ve worked in a fast-paced, remote SaaS environment before
• Passionate about security, privacy, and compliance
• You understand technical controls
• Your qualifications include industry relevant certifications such as CISSP, CISA. 
• A bonus (but not essential) would be experience automating compliance tasks. 
• Highly desirable if you've worked in a SaaS scaleup environment

At Tines, we’re all about trying new things and taking the leap. If you’re second-guessing your application, we hope you’ll trust your gut and take the leap too! Applying for a new job isn’t always easy, especially if you’re thinking of a career pivot – but we’re big believers in learning and growth here at Tines, so you’ve nothing to worry about. A variety of experience, perspectives, and voices makes us the company we are. We’d love to hear from you.

Tines provides equal employment opportunities to all employees and applicants for employment without regard to sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation.