Senior Governance, Risk, and Compliance Analyst (GRC)
About SurveyGizmo
Founded in 2006, SurveyGizmo is a powerful survey and data insights platform that empowers business professionals to make informed decisions. As SaaS application software, it offers user-friendly data collection tools for understanding customers, markets, and employees in real time and communicating this information across an organization. It provides data insights in over 205 countries, with 50K new surveys created and 5M responses collected every week.
SurveyGizmo has tremendous opportunity to continue this growth, based on current market size and the potential for more sophisticated product positioning and a robust sales and marketing engine. Details on SurveyGizmo’s products and services can be found on our website (www.surveygizmo.com).
Who You Are
A Senior Governance, Risk, and Compliance (GRC) Analyst who is not afraid to own security and compliance at a high-growth, global SaaS company.
You have a Heart for Service
We provide extraordinary service to our customers, co-workers, and our community by going out of our way to appreciate and support them.
You are Curious
We create products that help our customers listen and be curious, and we ourselves are curious. We strive to understand our customers’ business problems and the solutions delivered with our software.
You Find a Way
We help our customers and employees succeed by finding solutions to their problems. We have a can-do attitude and we do what we say we will do.
What You Will Do
- Determine compliance requirements and ensure they are met by evaluating US and international laws, regulations, standards, and frameworks such as GDPR, SOC 2, ISO 27001, PCI-DSS, NIST CSF, and HIPAA
- Identify policies and procedures that need changes or updates, and work cross-functionally with other departments to implement these processes
- Review contracts and track obligations and commitments made to customers
- Complete third-party security assessments for potential and existing customers
- Assist with the development of the organization’s information security program, policies, standards, and reporting metrics
Qualifications
- 3-5+ years of experience with industry information security & control frameworks such as NIST CSF, ISO 27001, SOC 1 and SOC 2 (SSAE18), PCI-DSS, CIS Benchmarks, CIS Top 20
- Ability to juggle multiple tasks and responsibilities, work independently as well as on a team, achieve targeted goals and objectives, and communicate progress to stakeholders in a non-threatening way using plain language
- Desire to drive the organization forward in an observable and quantifiable way
- Ability to evaluate and communicate risk in alignment with the company’s risk tolerance levels
- Relevant certifications are a plus
In addition, you have:
- 4+ years of experience in security and compliance
- SaaS industry experience
- Working knowledge of compliance for HIPAA, PCI-DSS, and GDPR
- The flexibility to work in an ever-changing environment with shifting priorities as it scales
- Solid communication skills to effectively present and communicate to leadership and the company
- A sense of humor