Senior Security Analyst, GRC at LogRhythm
LogRhythm is a Boulder-based security intelligence software company that empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. Globally the company has consistently been recognized as a market leader – including being placed in Gartner’s Magic Quadrant eight years running. We’ve earned a reputation as a company with a dynamic culture that’s committed to accelerated innovation cycles, thoughtful career development for our employees, and securing our customers from the most sophisticated cyber threats of the day.
Position Overview: Senior Security Analyst, GRC and Awareness
The Senior Security Analyst, in the Governance, Risk and Compliance (GRC) group, will report directly to the Chief Security Officer (CSO) of LogRhythm. You will have overall responsibility for LogRhythm’s GRC and security awareness programs. You will be responsible for ensuring compliance with regulations and certifications such as the Global Data Protection Regulation (GDPR), TRUSTe, Privacy Shield, SOC2, ISO27001, HIPAA, PCI, CCPA, and FedRamp. You will develop, maintain, and ensure compliance with corporate policies, standards, and procedures in alignment with ISO27001 and NIST security frameworks. You will be responsible for reviewing contracts and agreements in a security context to ensure we can meet the security needs of our customers. You will manage the risk inventory. You will work closely with other security team members in completing cross functional projects.
This is an opportunity to own the governance, risk, compliance, and security awareness programs for a fast-paced, innovative, security product company.
- Establish and maintain LogRhythm’s governance, risk, compliance, and security awareness programs
- Work with key stakeholders to ensure compliance with various regulations, such as the Global Data Protection Regulation (GDPR)
- Maintain LogRhythm’s various compliance certifications, such as TRUSTe, Privacy Shield, SOC2, ISO27001, FedRamp, HIPAA, PCI, and CCPA
- Develop and maintain corporate policies, standards, and procedures in alignment with ISO27001, NIST, and SOC2 frameworks and controls
- Ensure business units are in compliance with all policies, standards, and procedures
- Prioritize and drive remediation of security gaps; across all departments
- Monitor and report on the compliance and risk landscape of the company
- Liaison for completion of third-party risk questionnaires, contracts, and management of our response database
- Work closely with other team members in completing cross functional projects and ensuring that other teams are accountable to governance, risk, and compliance regulations
- Define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements
- Create and manage the education and awareness programs; content, delivery, compliance, phishing and other testing, etc.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies
- Participate in risk remediation efforts across business units
- Manage vendors and third party risk
- Establish processes to review implementation of new technologies to ensure security compliance
- Experience auditing and applying control processes to networks and applications
- Knowledge of compliance regulations (GDPR, CCPA, etc.) and security frameworks (ISO27001, NIST, SOC2)
- Experience developing corporate security policies, standards, and procedures
- Experience with security and risk management
- Ability to apply knowledge by reading and interpreting regulations to formulate real world controls
- Understanding of cloud environments (GCP, AWS, Azure)
- Strong teamwork and collaboration skills with the ability to work across multiple business units (Engineering, HR, Legal, etc.) with multiple stakeholders to drive remediation of security gaps
- Strong facilitation and presentation skills and experience influencing and presenting at all levels including Senior business executives.
- Excellent written and verbal communication skills
- Strong critical thinking/problem solving skills
- Previous consulting, legal, and audit experience is a plus
- Experience in vendor management is a plus
- Understanding of solution delivery lifecycle and architecture is a plus
- Industry recognized certifications in security is a plus (CRISC, GRCP, CGEIT, ITIL, CISSP, CISM, CISA)
LogRhythm is proud to be an equal opportunity employer. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, genetic information, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or Veteran status.