Webroot is a fast growing company with cutting-edge technology looking for a Governance, Risk and Compliance (GRC) Analyst. The ideal candidate will work within Webroot’s Operations department and will assist in maintaining and continuously improving the company’s compliance and risk management programs. This is an exciting time as we are on the cusp of ISO certification resulting in lots of opportunity for the company and growth for our team members as we oversee operational compliance and the security of our data. Grow your career with us by applying today.    

Based out of our Broomfield, CO office, this position is responsible for supporting Webroot’s Governance, Risk and Compliance (GRC) programs. As a GRC Analyst you will be part of the team responsible for supporting the risk management framework for the company, including programs related to information security, privacy, 3rd party risk, regulatory compliance, and business continuity planning. You will work with departments throughout the organization to evaluate the design and effectiveness of Webroot’s procedures and controls to ensure compliance with our stated standards. 

Responsibilities include but are not limited to:

• Support Webroot’s GRC frameworks and administration with a focus on continual improvement
• Maintain internal compliance against organizational policies and procedures by the planning, testing, remediation, tracking and reporting on internal control reviews and risk assessments
• Assist in identifying and communicating control gaps and evaluating management remediation action plans and related reporting
• Conduct risk assessments of third parties as part of the Vendor Risk Management program
• Guide the maturity of programs for business continuity planning and disaster preparedness
• Sustain awareness of external regulations for new or changed requirements within Webroot (PCI, ISO27001, etc.).
• Work across teams to accomplish security and compliance program goals 

Required or Preferred Skills and Experience:

• Minimum 1-2 years of experience in technology assessments, with a solid understanding of IT governance, information security policies, standards and industry best practices
• Knowledgeable with security risk frameworks (e.g., ISO, NIST, COBIT, etc.) and regulatory compliance (e.g., GDPR, SOC, PCI-DSS, etc.) from a global perspective a plus
• Practical experience in scoping and conducting risk assessments and internal control audits
• Detail oriented with excellent documentation skills and ability to communicate effectively across functional areas
• CISA or equivalent GRC related designation or training is a plus
• Experience with Vendor Management programs and/or Disaster Recovery and Business Continuity planning would be beneficial

Consider joining our ever-evolving team and apply! 

At Webroot, we do more than secure our customers' personal computers, mobile devices and networks. We also nurture our employees' most critical assets – their talents, experience, and career aspirations. Webroot has the energy of a start-up with the strength and stability of an Internet security market leader. We foster the innovative culture you'd expect of a company that's making a statement. Webroot is a company in which you can invest yourself fully, knowing that you're not only protecting our customers around the world, but also that your talents and innovation will be recognized and rewarded. We encourage you to learn more about us and explore our job openings. Secure your future. Ensure the same for your career. Principals only - no third parties, please. Webroot Inc. is an Equal Opportunity Employer.