Governance, Risk and Compliance (GRC) Analyst
Company: Kandji
Location: San Francisco
Posted on: February 1, 2025
Job Description:
About

Kandji is the Apple Device Management and Security Platform. Kandji empowers companies to manage and secure Apple devices in the enterprise and at scale. By centrally securing and managing Mac, iPhone, iPad, and Apple TV devices, IT and InfoSec teams can save countless hours of manual, repetitive work with features like one-click compliance templates and more than 150 pre-built automations, apps, and workflows.

Device Harmony is our vision for tearing down the wall between IT and InfoSec to keep every Apple user secure and productive, using connected intelligence and automation. By choosing a career with Kandji, you will play an integral role in contributing to making our vision a reality.

Backed by world-class investors such as Tiger Global, Greycroft, B Capital Group, Okta Ventures, the Spruce House Partnership, and First Round Capital, Kandji has raised over $100+M in capital to date.

Trusted by industry leaders, Kandji's rapidly growing customer base includes companies like Ramp, Notion, Netskope, Noom, Turo, Groupon, VoxMedia, and more.

Recognized for its award-winning products, Kandji was recently named the #1 fastest-growing app in Okta's 2023 Businesses at Work Report and a G2 Best Software 2023 Award Winner for Fastest Growing Products!

The Opportunity

Kandji is looking for a Senior Governance Risk and Compliance (GRC) Analyst II to add to our growing Security, IT and Trust teams. The GRC team is part of the Kandji Security and Trust organization and manages key pillars of the Kandji Risk Management framework. The GRC team is responsible for Customer Assurance, Security Compliance, Policy Governance, Information Security Risk Assessment, Third Party Risk Management, Security Compliance training and awareness, and Privacy.

This opportunity provides the ability to work with various teams to evaluate controls and perform control testing to improve the efficiency and effectiveness of the internal control programs. This includes facilitating the development and maintenance of standards, processes, and tooling in order to promote scalability, repeatability and growth of the function. You will also facilitate risk assessments and control reviews to accommodate new business areas as well as changes in processes. This includes managing the information security risk assessment process, defining and creating the risk methodology, and developing new or expanding product risk analysis. The Senior GRC Analyst II will report to the Team Lead, GRC and work collaboratively with other departments across Kandji.

How you will make a difference
- In support of multiple frameworks (e.g. ISO 27XXX, SOC2) plan,
design and execute controls testing, controls assessment and risk
management practices.
- Develop and execute on dynamic risk-based information security
risk management and third party risk management programs.
- Execute on the risk assessment life cycle including identifying
key risks, assessing risks and controls, calculating residual risk,
identifying areas of improvement and collaborating with control
owners on remediation plans against products, features, datasets,
applications, and third parties.
- Collaborate with cross-functional teams to develop and
implement privacy policies, procedures, and controls to mitigate
data privacy risks.
- Provide expertise and guidance on data privacy laws and
regulations, including GDPR, CPRA, EU AI Act and other relevant
frameworks.
- Design and execute strategies for ensuring organizational
compliance with SOC2, GDPR, Data Privacy, federal, state, and local
government compliance, or similar regulations.
- Conduct impact assessments (PIAs, BIAs, AIIAs) and assist in
developing strategies to address identified risks.
- Conduct data classification assessments to identify and
categorize sensitive information based on its level of
confidentiality, criticality, and regulatory implications.
- Be a trusted advisor for internal audit programs to expedite
reviews and mitigate operational impacts.
- Assist with the preparation of reports and presentations for
management and regulatory agencies.
- Support in the development and implementation of compliance
training and awareness programs.
- Participate or lead special ad-hoc projects or initiatives as assigned.

We'd love to hear from you if you have
- Seven (7) years or more of relevant experience in risk-based
technology compliance management programs, or Auditing
experience.
- Experience in performing risk-based testing for control
compliance, including the identification, assessment, and
mitigation of compliance issues: understanding how to balance the
company's risk appetite to compliance needs/requirements.
- Detailed knowledge and experience with technology controls
across a variety of industry frameworks and how to assess controls
supporting compliance for SOC2, FedRamp, CMMC, ISO 27001, ISO
27701, ISO 42001, CSA Star and global privacy regulations.
- Detailed knowledge of information security, technology
compliance management industry frameworks and standards: NIST,
OWASP, SANS, ISO-27001/2.
- Experience developing dynamic approaches to the implementation
of a technology compliance program utilizing a variety of testing
methods, both manual and automated, to provide qualitative and
quantitative results where applicable.
- Strong analytical and problem-solving skills.
- Excellent project management, written and verbal communication
skills.
- Ability to manage multiple priorities and deadlines.
- Proven track record as a strong cross-teams collaborator and
team player, dealing with complex programs and influencing
cross-functional audiences.
- Required to work on-site 3 days a week (Tuesday, Wednesday, Thursday) in San Francisco or 4 days a week (Monday through Thursday) in Miami. Managers may require additional on-site days.

Nice to haves
- Experience and familiarity with cloud data security and working
with public cloud solutions (AWS).
- Experience working with Governance Risk and Compliance
technologies.
- Experience implementing Data Privacy technologies.
- Certifications such as CISA, CIPT, CRISC, CISSP, CCSP.

Competencies
- Values Differences
- Communicates Effectively
- Instills Trust
- Action Oriented
- Always Learning
- Execution
- Planning & Time Management

$175,000 - $200,000 a year

These requirements are for the strongest, ideal candidate. Even if you do not outperform every bullet point, Kandji encourages you to apply. We promote a diverse, equitable, and inclusive culture and recognize that even the strongest candidates won't have all desired experiences and qualifications.

Benefits & Perks
- Competitive salary
- 100% individual and dependent medical + dental + vision coverage
- 401(k) with a 4% company match
- 20 days PTO
- 14 paid holidays per year
- 10 health and wellness days per year
- Kandji Wellness Week Off July 1 - July 5, 2024
- Equity for full-time employees
- 12 weeks of paid leave for new parents
- Paid Family and Medical Leave
- Modern Health - Mental Health Benefits - Individual and Dependents
- Monthly Utilities stipend
- Gym Membership
- Lunch 3 Days/Week
- Exciting opportunities for career growth
- An outstanding, inclusive culture

We are excited to be serving a significant need for a fast-growing market, and are proud of the high-performing team we have brought together so far. If you're someone who wants to engage in new, exciting projects that will challenge your skills in the best way possible, we would love to connect with you.

At Kandji we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams, and welcome those from all backgrounds and varying experiences.

Kandji is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status or any other status protected by applicable law.