Today's threatscape is relentless. So are we. At Cyderes, we build practical Identity & Access Management (IAM), Exposure Management, and risk programs, helping organizations stop active threats fast with Managed Detection & Response (MDR) that integrates with existing tools. Powering it all is Meridian, our entity fabric that connects identities, assets, and access into one trusted reality. Augmented by AI and driven by seasoned operators, our tireless global team arms organizations with the people, platforms, and perspectives they need to conquer whatever tomorrow throws their way.
About the Job:
Cyderes is looking for an GRC Analyst. The GRC Analyst will be responsible for daily activities in implementing the information security and compliance programme. You will help maintain audit and compliance projects to ensure policies, standards, procedures, and audit activities are according to business, IT, and regulatory requirements. You will also participate in and support multiple department activities. These activities may include quarterly user access reviews, the development of information security policies, procedures, and standards. Additionally, they may involve training and awareness activities. You will also review and respond to security requirements and inquiries regarding existing or proposed solutions. You will perform internal and external security compliance monitoring activities, manage client audits, IT control audits, and security risk assessments.
To be successful in this role, you must be comfortable with evaluating, documenting, and creating remediation plans. These plans must meet compliance requirements in a specific area. The effectiveness of the implementation and operation of the information security and compliance directives will measure success. You will be reporting to Senior Manager GRC and Security.
Responsibilities:
- Coordinate IT security governance, risk and compliance activities across the enterprise
- Oversee information security compliance activities, including daily, weekly, quarterly and annual security risk assessments – both performing internal assessments and responding to external assessments
- Respond to request for information on Cyderes' security compliance from customers and partners, review and negotiate relevant agreements
- Support efforts for compliance with SOC2, ISO 27001, and other security standards and regulatory frameworks
- Conduct audit readiness assessments and coordinate with internal and external functions and audit resources
- Support the implementation and administration of the Governance, Risk, and Compliance system (GRC)
- Collaborate with other departments to direct security compliance issues to appropriate channels for investigation and resolutions
- Revise and maintain security and controls procedures following applicable regulations
- Ensure Continuous Compliance through Continuous testing of security and privacy control
- Provide recommendations for technology, licencing, and process updates to improve Cyderes overall security posture
- Develop and provide reports to keep management informed of the operation and progress of compliance efforts
Requirements
- Minimum 3 years in a GRC role with at least 1 full year of hands-on administration of a GRC automation tool (Vanta, Drata, or Sprinto). We prefer Vanta.
- Experience in design and implementation of information security policies and controls
- Experience participating in external security audits; SOC2 Type II
- Experience conducting needs assessments and identifying/implementing appropriate solutions
- Knowledge of security technologies and architecture, including encryption, cloud network security design, security group configuration, intrusion detection, data loss prevention and application security
- CISSP, CISM, CISA certifications
- Analyst A (The Internal Builder): Focuses on Vanta, SOC2/ISO mapping, and internal engineering/DevOps agreement.)
- Evidence Collection: Experience translating abstract SOC2 criteria into technical screenshots, logs, or API outputs.
- Experience translating abstract SOC2 Common Criteria or ISO 27001 clauses into applicable technical controls.
- Analyst B (The External/Risk Specialist): Focuses on Third-Party Risk, Customer Questionnaires/Trust Centre, and Privacy (CCPA).
- high proficiency in interpreting SOC2/ISO reports and Data Processing Agreements (DPAs)
- Advanced Third-Party Risk (TPRM) Analysis requires minimum 3 years of hands-on experience. This experience is in evaluating SaaS vendors, with the ability to dissect SOC2 Type II, ISO 27001, and Reach Test reports.
- Vanta Trust Centre & Questionnaire Automation: Proficiency in managing Vanta's Trust Centre and Vendor Risk modules.
- Privacy & Data Protection Liaison: Practical experience navigating Data Processing Agreements (DPAs) and mapping vendor risks to privacy frameworks like, CCPA, or HIPAA.
#LI-Hybrid
This is a hybrid remote/in-office role.
WHY CYDERES?
Benefits that go beyond the basics, we support our people so they can do their best work.
✔ Medical Insurance - Employee + dependents covered
✔ Life Insurance - Protection for what matters most
✔ Retirement Match Program - We invest in your future
✔ Hybrid Work Model - 2–3 days in office
✔ Maternity & Paternity Leave - Time for the moments that matter
✔ Paid Time Off - PTO + sick & casual leave
✔ Bereavement & Volunteer Time - Give back to your community
✔ Professional Development - Reimbursement program
✔ LinkedIn L&D Platform - Thousands of courses at your fingertips
✔ Mobile Phone Reimbursement - Stay connected, on us
Skills Required
- Minimum 3 years in a GRC role with at least 1 year hands-on administration of a GRC automation tool (Vanta, Drata, or Sprinto)
- Hands-on administration and proficiency with Vanta Trust Centre, Questionnaire Automation, and Vendor Risk modules
- Experience designing and implementing information security policies and technical controls
- Experience participating in external security audits, including SOC2 Type II
- Ability to translate SOC2 Common Criteria or ISO 27001 clauses into technical evidence (screenshots, logs, API outputs)
- Advanced Third-Party Risk Management (TPRM) analysis with minimum 3 years evaluating SaaS vendors and SOC2/ISO reports
- High proficiency interpreting SOC2/ISO reports and Data Processing Agreements (DPAs)
- Practical experience with privacy and data protection mapping to frameworks such as CCPA or HIPAA and handling DPAs
- Knowledge of security technologies and architecture: encryption, cloud network design, security group configuration, intrusion detection, DLP, application security
- Relevant certifications: CISSP, CISM, CISA
- Experience conducting security risk assessments, audit readiness assessments, and supporting internal/external audits
- Experience implementing and administering a Governance, Risk, and Compliance (GRC) system
What We Do
Cyderes is a global cybersecurity partner built for today’s relentless threatscape. We specialize in identity-centric security, managed detection and response, and cloud defense—powered by AI and driven by expert operators. Our mission: arm organizations with the people, platforms, and perspective to "be everyday ready.”








