GRC Analyst

Who we seek:

At BigID, we believe in building a high-performing and inclusive culture where innovation, integrity, and teamwork thrive. Join a passionate team of data experts and industry leaders, and contribute to solving some of the most critical challenges in data privacy and security today.

As a Security GRC Analyst at BigID, you will be a key player in safeguarding our mission-critical platform. You'll contribute significantly to our security posture by:

• Driving key risk management initiatives: You'll actively participate in security and privacy risk assessments.
• Maintaining compliance excellence: You'll ensure adherence to relevant security standards and regulations (e.g., SOC 2, ISO 27001, GDPR).
• Fostering strong cross-functional collaboration: You'll work closely with engineering, legal, and operations teams to implement and maintain effective security controls.

In this role, you will report directly to the Security Compliance Lead.

What you’ll do:

• Help maintain and improve security compliance and risk management documentation including policies, standards, and processes.
• Help manage compliance programs for key certifications such as ISO 27001, SOC 2, HIPAA, PCI, and support external audits to maintain security certifications.
• Collaborate on building and managing security and privacy risk management programs.
• Support the use and optimization of Governance, Risk & Compliance (GRC) tools such as Anecdotes, Confluence, and Jira to drive effective security governance.
• Assist in enforcing security policies and procedures based on industry standards, ensuring compliance across teams.
• Assess and manage third-party risk for new and existing vendors to ensure their compliance with BigID’s security standards.
• Assist in responding to customer security questionnaires, ensuring clarity and confidence in our security posture.
• Work closely with various teams (engineering, legal, operations) to ensure understanding of control activities, provide training, and share security best practices across the organization.
• Contribute to the development and continuous improvement of disaster recovery and business continuity plans.
• Help track and report on metrics and KPIs to measure the effectiveness of security and risk management programs.

What you’ll bring:

• Bachelor’s Degree in a relevant field or an equivalent combination of education, work experience, and professional certifications.
• 3+ years of experience in a security audit, governance, or risk management role within the tech sector.
• Experience with Confluence, Jira, and GRC tools like Anecdotes.
• In-depth knowledge of AWS security best practices and services (e.g., AWS Certified Security Specialty).
• Familiarity with managing compliance for standards such as ISO 27001, SOC 2, HIPAA, PCI, and experience in supporting external audits.
• Knowledge of regulatory frameworks like GDPR, CCPA, or other regional standards.
• Proven ability to lead and manage projects, with strong organizational, analytical, and problem-solving skills.
• Strong interpersonal skills with the ability to communicate effectively across teams and levels, driving alignment on security strategies.
• Ability to thrive in a fast-paced, dynamic environment while delivering results and meeting deadlines.
• Experience working in a global environment, understanding diverse regulatory and security requirements.

Our Values:

We look for people who embody our values - Care, Do,Try & Shine.

• Care - We care about our customers and each other
• Do - We do what it takes to make a positive impact
• Try - We try our best and we don’t give up
• Shine - We shine and make it our mission to always stand out

What’s in it for you?!

Our people are the foundation of our success, and we prioritize offering a wide range of benefits that make our team happier and healthier.

• Equity participation - everyone shares in our success
• Flexible work arrangements 
• Other compulsory benefits based on country of residence

#LI-Remote