About the role:
The GRC Analyst will be responsible for running and improving Apollo’s risk and compliance program. They will maintain continuous compliance tooling, integrate it with Apollo’s systems, and manage the compliance programs for SOC 2 and ISO 27001. They will manage the company’s risk register and ensure that risks are tracked and remediated. They will manage projects and keep programs updated.
Daily Adventures & Responsibilities:
- Develop our risk management framework
- Own the risk register and keep it updated to present the company’s risk profile.
- Identify Key Risk Indicators and report on deviations.
- Partner with other teams to support them in identifying risks and their response.
- Continuously assess security measures in place for effectiveness, thus highlighting deficiencies for remedial action.
- Run the vendor security assessment process.
- Ensure compliance
- Identify, research, and assess compliance requirements for SOC2, ISO 27000, and other certifications.
- Develop the program and track projects to meet goals successfully.
- Operate and maintain a continuous compliance platform.
- Partner with internal teams to ensure alignment with compliance requirements.
- Gather evidence to demonstrate controls are in place.
- Design reports related to compliance monitoring and improvement activities to ensure compliance with security policies.
- Support sales with security requests.
What We're Looking For:
- 5+ years of experience in information security with exposure to implementing or assessing security controls across all security domains, such as access management, encryption methods, vulnerability management, network security, etc.
- 3+ years of experience supporting compliance programs within the technology space.
- Knowledge of implementing, managing, and auditing security & compliance regulations, standards, and frameworks (SOC, PCI DSS, ISO 27001, GDPR, ITIL, NIST, COBIT).
- Knowledge of cloud platforms such as AWS or GCP.
- Experience developing security and compliance reporting for various audiences, including executive management.
- Comprehensive knowledge of IT security technologies, threats, and vulnerabilities.
- Industry-related compliance, risk, or security management certification is preferred (CISA, CRISC, CISM, CISSP, ISO27000 Lead Auditor).
- Technical competence with automation and GRC tooling.
- Experience with continuous compliance tooling such as Vanta, SecureFrame, Drata, JupiterOne.
- Advanced written and spoken English proficiency.