Senior Security Analyst, GRC

Company Overview

LogRhythm is a Boulder-based security intelligence software company that empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. Globally the company has consistently been recognized as a market leader and now as a challenger in the cloud native SaaS space with Axon. We’ve earned a reputation as a company with a dynamic culture that’s committed to accelerated innovation cycles, thoughtful career development for our employees, and securing our customers from the most sophisticated cyber threats of the day.

Position Overview: Senior Security Analyst, GRC and Awareness

The Senior Security Analyst, in the Governance, Risk and Compliance (GRC) group, will report directly to the Deputy Chief Information Security Officer of LogRhythm. You will have overall responsibility for LogRhythm’s GRC and security awareness programs. You will be responsible for ensuring compliance with regulations and certifications such as the Global Data Protection Regulation (GDPR), TRUSTe, Privacy Shield, SOC2, ISO27001, HIPAA, PCI, CCPA, and FedRamp. You will develop, maintain, and ensure compliance with corporate policies, standards, and procedures in alignment with ISO27001 and NIST security frameworks. You will be responsible for reviewing contracts and agreements in a security context to ensure we can meet the security needs of our customers. You will manage the risk inventory. You will work closely with other security team members in completing cross functional projects. 

This is an opportunity to own the governance, risk, compliance, and security awareness programs for a fast-paced, innovative, security product company.

Responsibilities

• Establish and maintain LogRhythm’s governance, risk, compliance, and security awareness programs
• Work with key stakeholders to ensure compliance with various regulations, such as the Global Data Protection Regulation (GDPR)
• Maintain or develop LogRhythm’s various compliance certifications, such as TRUSTe, Privacy Shield, SOC2, ISO27001, FedRamp, HIPAA, PCI, and CCPA
• Develop and maintain corporate policies, standards, and procedures in alignment with ISO27001, NIST, and SOC2 frameworks and controls
• Ensure business units are in compliance with all policies, standards, and procedures
• Prioritize and drive remediation of security gaps; across all departments
• Monitor and report on the compliance and risk landscape of the company
• Liaison for completion of third-party risk questionnaires, contracts, and management of our response database
• Work closely with other team members in completing cross functional projects and ensuring that other teams are accountable to governance, risk, and compliance regulations
• Define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements
• Create and manage the education and awareness programs; content, delivery, compliance, phishing and other testing, etc.
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies
• Participate in risk remediation efforts across business units
• Manage vendors and third party risk
• Establish processes to review implementation of new technologies to ensure security compliance 

Skills

• Experience auditing and applying control processes to networks and applications
• Knowledge of compliance regulations (GDPR, CCPA, etc.) and security frameworks (ISO27001, NIST, SOC2)
• Experience developing corporate security policies, standards, and procedures
• Experience with security and risk management
• Ability to apply knowledge by reading and interpreting regulations to formulate real world controls
• Understanding of cloud environments (GCP, AWS, Azure)
• Strong teamwork and collaboration skills with the ability to work across multiple business units (Engineering, HR, Legal, etc.) with multiple stakeholders to drive remediation of security gaps
• Strong facilitation and presentation skills and experience influencing and presenting at all levels including Senior business executives.
• Excellent written and verbal communication skills
• Strong critical thinking/problem solving skills
• Previous consulting, legal, and audit experience is a plus
• Experience in vendor management is a plus
• Understanding of solution delivery lifecycle and architecture is a plus
• Industry recognized certifications in security is a plus (CRISC, GRCP, CGEIT, ITIL, CISSP, CISM, CISA)

Benefits:

LogRhythm offers the following benefits for this position, subject to applicable eligibility requirements:

·    Medical

·    Dental

·   401k plan

·  Flexible time off

·    Vision

·    HSA 

·    FSA 

·   EAP

·  Birthday Day off 

Salary:    

The annual starting salary for this position is between 120k-150k Annually depending on experience and other qualifications of the successful candidate.

Bring your Whole Self to Work!

Diversity, equity, and inclusion are at the core of who we are. At LogRhythm, we know that diverse perspectives spark innovation, improve creativity, and position our team for success. Creating a culture where all are welcomed, valued, and empowered to achieve their full potential is important to who we are today and in the future. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors.

About us: 

• Gartner Leader in Security
• TB company
• Award-winning NexGen SIEM Platform