Compliance Analyst-Governance Risk And Compliance
Webroot is a fast-growing company with cutting-edge technology looking for a Governance, Risk and Compliance (GRC) Analyst. The ideal candidate works within Webroot’s Operations department and is responsible for maintaining and continuously improving the company’s compliance and risk management programs. This is an exciting time as we are on the cusp of ISO certification, resulting in lots of opportunity for the company and growth for our team members as we oversee operational compliance and the security of our data. Grow your career with us by applying today.
Based out of our Broomfield, CO office, this position is responsible for supporting Webroot’s Governance, Risk and Compliance (GRC) programs. As a GRC Analyst you will work on various aspects of our Information Security compliance and Risk Management initiatives. This position will work with departments throughout the organization to evaluate the design and effectiveness of Webroot’s procedures and controls to ensure compliance with our stated standards. Additionally, you will be responsible for supporting the risk management framework for the company, including programs related to information security, privacy, 3rd party risk management, regulatory compliance, and business continuity planning.
Responsibilities include but are not limited to:
- Support Webroot’s GRC frameworks and administration with a focus on continual improvement
- Maintain internal compliance against organizational policies and procedures through the planning, testing, remediation, tracking and reporting of internal control reviews and risk assessments
- Assist in identifying and communicating control gaps and evaluating management remediation action plans and related reporting
- Conduct risk assessments of third parties as part of the Vendor Risk Management program
- Guide the maturity of programs for business continuity planning and disaster preparedness
- Sustain awareness of external regulations for new or changed requirements within Webroot (PCI, ISO27001, etc.).
- Work across teams to accomplish security and compliance program goals
Required or Preferred Skills and Experience:
- Minimum 3-5 years of experience in Information Security with a solid understanding of IT governance, information security policies, standards and industry best practices. May consider a junior analyst with Information Security fundamentals
- Knowledge of security risk frameworks (e.g., ISO 27001/27018/22301, NIST 800 series, COBIT, etc.) and regulatory compliance (e.g., GDPR, SOC 1/2/3, PCI-DSS, PA-DSS, etc.) from a global perspective is a plus
- Practical experience in scoping and conducting risk assessments and internal control audits
- Detail oriented and able to meet tight deadlines with excellent documentation skills and ability to communicate effectively across functional areas
- CISA or equivalent GRC related designation or training is a plus
- Experience with Vendor Management programs and/or Disaster Recovery and Business Continuity planning would be beneficial
Consider joining our ever-evolving team and apply!
At Webroot, we do more than secure our customers' personal computers, mobile devices and networks. We also nurture our employees' most critical assets – their talents, experience, and career aspirations. Webroot has the energy of a start-up with the strength and stability of an Internet security market leader. We foster the innovative culture you'd expect of a company that's making a statement. Webroot is a company in which you can invest yourself fully, knowing that you're not only protecting our customers around the world, but also that your talents and innovation will be recognized and rewarded. We encourage you to learn more about us and explore our job openings. Secure your future. Ensure the same for your career. Principals only - no third parties, please. Webroot Inc. is an Equal Opportunity Employer.