All roles

Open role

Senior Security Governance, Risk and Compliance Analyst

Remote · Portugal Full-time

Job Summary: The Senior Security Governance, Risk and Compliance Analyst will lead the Information Security Governance, Risk and Compliance (GRC) function. The Senior Security GRC Analyst will provide hands-on experience maturing risk management processes and establishing security & privacy related compliance with appropriate security standards and regulations that include ISO, NIST, PCI-DSS, MPA/TPN, GDPR and other industry-standard frameworks. The role will work collaboratively with various stakeholders to ensure success with all related programs. The Senior Security GRC Analyst will use risk-based methodologies and decision-making to arrive at creative and pragmatic solutions, without relying on pre-defined checklists, is an important component of the role. Ensures the performance of all duties in accordance with the company's policies and procedures, all global laws, and regulations, wherein the company operates. Duties and Responsibilities:

  • Review regulatory requirements, external policies or standards related to Information Security & Data Protection/Privacy, and conduct gap analysis to internal security policies and requirements. Ensure compliance with regulatory compliance and certification programs (e.g., ISO 27001, NIST CSF, PCI-DSS, MPA/TPN, GDPR)
  • Establish, implement, and monitor the security certifications program and ensure that it continues scale appropriately with the business
  • Ensure compliance with the established key metrics that measure data security standards, the ISO standards/certification and provide evidence of compliance for internal and external audits
  • Be a Security and Compliance Champion that promotes and evangelizes awareness of different security and compliance risks and best practices across the company
  • Perform risk assessments-including third party vendor/supply chain assessments, and manage associated security risk remediation activities
  • Conduct control and risk assessments of technical operating environments and third parties.
  • Identify, document, and manage gaps related to security and compliance and other tasks to support ensuring the Company’s underlying data and information security processes, infrastructure and measures are fit for purpose and scaled to deliver an appropriate level of protection
  • Collaborate with cross-functional teams to ensure security related controls are documented and managed
  • Support the business continuity management (BCM) program, including subject matter expertise input for business impact analysis (BIA), developing and testing business continuity plans (BCP), coordinating with IT on disaster recovery planning and updating/implementing crisis management plans (CMP)
  • Coordinate third party audits on security, controls, and security/privacy compliance
  • Conduct third party risk assessments and collaborate with external and internal stakeholders to identify critical risks to the organization
  • Work with third parties to agreed risk treatment plan and participate in contract review
  • Serve as a subject matter expert on internal controls, security, privacy and collaborate with Product Strategy and Development on product enhancements, features and security/privacy capabilities
  • Respond to customer security/compliance questionnaires
  • Stay current on market developments to identify emerging security technologies, risks, and trends
  • Bachelor’s Degree in Information Security, Information Systems, Engineering, or other related field or equivalent experience in a related field
  • 10+ years of progressive information security GRC experience
  • 5+ years of experience conducting & supporting internal/external formal audits (such as PCI-DSS, SOX, HIPAA)
  • Professional security certification such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), PCI-DSS Internal Security Assessor (ISA)
  • A comprehension of security standards and frameworks, rules and regulations, and system trust principals, such as ISO, NIST, OWASP, SANS Top 20, PCI-DSS, GDPR, ITIL, and SOC2
  • Previous experience with GRC tools such as KCM, Auditboard
  • Thorough understanding of Security Methodologies required
  • Ability to effectively communicate and educate others on the need and value-add of security governance, risk and compliance efforts

The starting pay range for this position is $112,100 - $134,500 per year however, base pay offered may vary depending on the level of the position, skills, experience, job-related knowledge, and location. In addition to a comprehensive package of health benefits that include company contributions, RAVE Aerospace offers a variety of additional benefits and perks to enhance your work-life balance experience including but not limited to:

  • Discretionary bonus program
  • Future financial security with a 401(k) program with company match
  • Paid time off covering vacations, personal time off and sick days, capped off by an exciting year-end holiday shutdown
  • Embraced flexibility with our alternative work schedule (9/80) to navigate your workweeks with every other Friday off

More open positions

Contract Global Intelligence Analyst (Mon, Thurs-Sat, 2:00pm CT-12am CT)

Work from home Full-time role

Embedded Intelligence Analyst

Work from home Full-time role

Security Operations Analyst (SOC Analyst)

Work from home Full-time role

Security Operations Center; SOC Analyst; Remote

Work from home Full-time role

Experienced Full-Time 100% Remote Level 3 SOC Analyst – Cyber Security Operations & Incident Response for 3rd Shift (8 PM - 6 AM) in Arizona

Work from home Full-time role

[Remote] Staff Product Designer

Work from home Full-time role

[Remote] Licensed Insurance Agent (Remote)

Work from home Full-time role

Automation Engineer (RPA/RMM)

Work from home Full-time role

Sr. Mobile Product Delivery Manager

Work from home Full-time role

Emergency Management Specialist 1/2 Flex

Work from home Full-time role

Staff Medical & Scientific Affairs Liaison - Neurological Disease

Work from home Full-time role

Compute Intelligence Engineer

Work from home Full-time role

Advisor Product Developer

Work from home Full-time role

[Remote] Staff Software Engineer / Architect - AI, CoCounsel FDE

Work from home Full-time role

Clinical Triage Nurse, Labor and Delivery, Work From Home

Work from home Full-time role

System Engineer III, Endpoint & Security Delivery/Information Solutions (Remote)

Work from home Full-time role

Warehouse Sr. Industrial Engineer - Start-ups (remote)

Work from home Full-time role

Senior Visual Marketing Manager – In‑Store Experience & Brand Activation (Remote/Part‑Time) – careerzynith

Work from home Full-time role

Senior Platform Engineer

Work from home Full-time role

Experienced Virtual Data Entry Clerk – Remote Work Opportunity with careerzynith

Work from home Full-time role

MuleSoft Integration Engineer

Work from home Full-time role