Red Canary

Principal Governance Risk & Compliance Analyst

Job Description

Challenges You Will Solve
At Red Canary, the protection of our customers and employees is of the utmost importance. Red Canary’s Governance, Risk & Compliance (GRC) team provides oversight to ensure that our people, platforms, and data remain secure in compliance with our policies and applicable laws. 

As a Principal GRC Analyst, you will help ensure that our controls, policies, and procedures are  designed, implemented, and tested to deliver the best possible outcomes for Red Canary and our customers. Reporting to the General Counsel, the Principal GRC Analyst is responsible for activities and improvements across the entire scope of Red Canary’s GRC programs.


What You'll Do
  • Lead governance, risk, and compliance initiatives.
  • Lead regular reviews to ensure that policies and controls are effective, while aligning them to company values and all applicable compliance requirements; identify potential improvements and manage their implementation.
  • Identify, design, and lead projects to automate the collection and presentation of auditing data for internal and external consumption.
  • Lead internal audits and risk assessments of the Red Canary environment; identify potential improvements and manage their implementation.
  • Schedule, prepare for, and lead annual external audits against SOC 2 Type II, ISO 27001, ISO 27701, and other standards.
  • Maintain security and compliance certifications; identify and manage new certification initiatives.
  • Lead the vendor risk management function for evaluating Red Canary’s vendors and partners to identify potential risks; identify potential improvements and manage their implementation.
  • Lead the response to questions and questionnaires from customers, potential customers, and partners regarding security and compliance; identify potential improvements and manage their implementation.
  • Support the sales team in vetting security and compliance terms in customer contracts.
  • Help oversee security awareness training that is both relevant and instructive.
  • Lead relevant and engaging business continuity and incident response exercises. 

    • What You'll Bring
  • 5+ years of experience with SOC 2 Type II and ISO 27001 audits.  Experience with audits under ISO 27701, FedRAMP, and CMMC experience is a plus.
  • 5+ years of managing or performing security questionnaires and vendor assessments.
  • Experience addressing security and compliance terms in commercial contracts.
  • The ability to articulate and shift between various compliance and regulatory frameworks.  
  • An understanding of the unique risks presented by cloud-native architecture and compliance and audit strategies for environments heavily reliant on SaaS.
  • Strong experience interacting with auditors and gaining their confidence as a source of truth.
  • Expertise in designing and managing strategies to identify, articulate, and mitigate risks.
  • Experience in designing and implementing automation to the collection and presentation of audit data.
  • Outstanding written and verbal communication skills.
  • A practical mindset that can balance compliance and business needs.
  • The ability to lead multiple projects simultaneously.  
  • A patient and positive attitude.

    • Apply Now
    Job Summary

    Care Access Research

    Provider Partnerships Manager

    What We DoCare Access is delivering the future of medicine today! Care Access has a revolutionary model that breaks down traditional barriers to clinical trials that limi;
    • USA Only
    • 3 days ago

    Assistantly

    Accountant

    Why Assistantly:At Assistantly, we connect talented professionals with opportunities tailored to their skills and aspirations. Join our vibrant unicorn community, where y;
    • Philippines
    • 3 days ago

    Jeffreym Consulting

    Operations Manager, Customer Success

    ** This is a remote contract position that starts ASAP and goes through December 31st, 2025, with potential to extend **Our client's Customer Success team is seeking an e;
    • USA Only
    • $62400-$68640
    • 2 days ago

    Jobgether

    Technical Operations Manager - F/M - (Remote - France)

    Jobgether has ALL remote jobs globally. We match you to roles where you're most likely to succeed, and provide feedback on every application to help you learn. No more gu;
    • France Only
    • 2 days ago