Suzy puts the voice of the consumer at your fingertips. Whether you’re a novice or an expert researcher, our platform brings advanced tools together with the highest quality audience to deliver insights in minutes. Some of the biggest brands in the world use Suzy to deliver breakthrough products and experiences backed by data-driven decisions. Learn more at www.suzy.com.
The Governance, Risk, Compliance (GRC) Analyst will manage policies, procedures, and standards to govern the protection of corporate information systems, networks, data, and 3rd party services. The analyst will stay up to date on the latest cybersecurity intelligence while managing privacy workflows to ensure the company meets regulatory compliance.
Responsibilities
Third Party Risk Management
Provide oversight and coordination, and deliver the activities that support successful third-party risk management
Perform risk analysis for systems, processes, third-party tools/applications, and configurations
Perform Third Party Risk Management (TPRM) functions and analyze SOC-2 and other reporting from vendors
Respond to initial and annual security questionnaires from customers
Controls and Risk Management
Manage company’s Risk Register
Perform periodic risk assessments
Document the results and develop a plan of action and milestones for mitigating identified risk
Gather data for metric reporting for company’s Information Security and Privacy Council
Audits
Coordinate multiple large-scale audit projects and programs simultaneously
Help implement a Governance, Risk and Control tool
Document business ownership and responsibilities of security controls using the company’s GRC tool
Schedule and perform regular assessments (internal and external) to test the effectiveness of controls
Manage remediation efforts for the identified gaps including assessment of new or enhanced implemented controls
Coordinate, track, and verify remediation of audit findings
Asset Management
Maintain Suzy’s information asset inventory with accurate and updated information
Identify and rank the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize
Basic Qualifications
Creative problem solver and desire to learn
Willing to #getyourhandsdirty and work across cross-functional teams
Bachelor’s degree or equivalent work experience (Information Technology, Engineering, Cybersecurity, Audit, Risk, Compliance, or a related technical field)
Familiarity with industry security frameworks, including SCF, ISO, SOC, and NIST
Audit, compliance, and/or risk management experience
Experience in Project Management Methodologies
Experience testing or auditing technical controls
Preferred Qualifications
Certified Information Security Auditor/Manager (CISA/M) designation or CISSP, CRISC, CISA, CIPT, CIPP
Direct participation in ISO/SOC audits
Understanding of Enterprise Risk Management and Strategy frameworks
Providing consultative information security or risk management services to a broad range of companies
Experience proposing enterprise level solutions to mitigate risk
Experience creating and managing corporate security policies
Microsoft cloud technical certifications
Benefits:
We take care of our employees and their families. We have generous health, dental, and vision benefits, and our 401K plan vests immediately
A friendly, fun, and collaborative work environment that allows for frequent exposure to executives
The opportunity to make an immediate impact as a part of a fast-growing company
The target base compensation for this role is $125,000 - $135,000.
Suzy is an equal opportunity employer. We are a welcoming place for everyone, and we do our best to ensure all people feel supported and connected at work.
Suzy is committed to protecting its customers, employees, partners, and the company as a whole, from damaging acts that are intentional or unintentional. Effective security is a team effort involving the participation and support of every user who interacts with company information/data and systems. It is the responsibility of each individual to help protect company information assets.
What We Do
Suzy is an end-to-end consumer insights platform that integrates quant, qual, and high-quality audiences into a single connected research cloud. Founded in 2018, Suzy is a real-time market research platform that aims to advance human understanding between consumers and enterprises everywhere at the speed of culture.
Many of the biggest brands in the world use Suzy to deliver breakthrough products and experiences backed by data-driven decisions. Suzy has been recognized on Forbes’ list of America’s Best Startup Employers in 2021 and 2022, Inc. Magazine’s list of Best Workplaces of 2021 and 2022, BuiltIn Best Workplaces 2021 and 2022, and as a GRIT Top 50 Most Innovative Supplier in Market Research. Suzy is also a G2 High Performer, Leader, and Momentum Leader in 2022.
Suzy has raised $100 million in venture capital funding from investors that include Bertelsmann Digital Media Investments, Foundry Group, H.I.G. Capital, North Atlantic Capital, Tribeca Venture Partners, Triangle Peak Partners, and Kevin Durant’s 35 Ventures. Learn more at www.suzy.com.
Why Work With Us
Every Suzy team member has an entrepreneurial attitude, a love for problem-solving, collaborating, and lots of hustle.
We are humble, positive, hilarious, and genuinely love getting things done! Not to mention our perks (snacks, dog-friendly office, insane parties). We are incredibly proud of our award-winning culture.