Task Force Talent is seeking an Information Security (Cybersecurity) Governance, Risk, and Compliance (GRC) Analyst for a very well-funded Series C company working on data analytics for insider threat and supply chain security problems. Applicants MUST HAVE recent experience with ISO 27001; recent FedRamp experience as well as GDPR and CCPA experience is a big plus. Applicants with prior startup experience will also have a significant advantage.
Core Responsibilities:
- Orchestrate GRC initiatives to bolster security across cloud ecosystems, SaaS offerings, and endpoint devices
- Design and implement a compliance framework aligned with corporate objectives, maintaining current certifications (e.g., ISO 27001) and pursuing new standards
- Guide internal readiness assessments for compliance audits and manage relationships with third-party certification bodies
- Oversee risk management for products, corporate IT, and external partnerships
- Pinpoint and address security gaps in infrastructure, products, and internal tools
- Perform security and intelligence risk evaluations for vendors and partners
- Oversee and update the company's security policy repository
- Support sales efforts by addressing technical security questionnaires
- Develop and maintain a comprehensive security awareness program covering data protection, insider risk, and regulatory requirements (such as GDPR and CCPA)
Required Qualifications:
- 5+ years of GRC experience in SAAS environments built on major cloud platforms (AWS, Azure, etc.)
- In-depth knowledge of ISO 27000 series, NIST 800 guidelines, and relevant data protection laws
- Proven track record in leading security projects and compliance initiatives
- Experience in securing third-party security certifications
- Proficiency in vendor risk management processes
- Familiarity with compliance automation tools
Desirable Skills:
- Experience with FedRAMP Moderate certification process
- ISO 27001 Internal Auditor certification
- Practical knowledge of GDPR and CCPA requirements
- Background in insider risk program management
- Adaptability to fast-paced, startup environments
- Understanding of application security principles
We have an extremely good relationship with this client and work directly with senior managers, including the CISO and CTO, who has started several companies and had multiple successful exits, including an IPO. We have placed quite a few engineers at this firm over the last year, and everyone we have placed is extremely happy. (Even those who did not get an offer were left with very positive impressions.)
The company is profitable and growing fast with approximately 150+ employees. The position is available in Tysons Corner, VA. The work environment is hybrid, typically 3 days/week in the office so people know each other, but those hours are flexible to accommodate family/childcare and traffic.
The benefits are great and include:
- Company Equity Options
- Unlimited PTO and Wellness Reimbursement
- U.S. Holidays
- Paid Parental Leave
- Comprehensive Insurance (Medical, Dental, and Vision)
This company is completely private sector, no security clearance required, but applicants should be clearance eligible and an existing clearance is a plus. As such, employment is open to U.S. citizens only at this time (no visa sponsorship.)
Not your dream job, but perfect for a friend? You can submit a referral and get a check for $2000 or more: https://www.taskforcetalent.com/referral/
(Terms and conditions apply.)
________________________________________________________________________________________________________________________________________
About us:
Task Force Talent is a specialized recruiting firm for science, engineering, and security careers. Our clients include seed to Series C startups working on AI, cybersecurity, quantum computing, and other novel technologies. We also work with small to medium size government contractors, and we help leading venture capital firms find talent for their portfolio companies. We have hundreds of jobs available and consider all applicants for all roles, now and in the future. Our goal is to find the best fit for you!
If you don't see the perfect fit, simply use our general application at: https://taskforcetalent.breezy.hr/p/5bbc3c44433e-single-application-for-all-jobs-general
____________________________________________________________________________________________________________________________________________
Qualifications
- U.S. Citizen
- Recent experience with ISO (specifically ISO 27001) and knowledge about GDPR and CCPA
- Experience with FedRamp
- Experience with SOC 2 Type 2 and risk management proficiency (general and vendor-specific)
- Experience with reputable assessment methodologies and implementing robust compliance programs (ex. programs that secure third-party data, and vendor risk management assessments)
- Familiar with utilizing compliance automation software to the fullest
- Experience with directing research and implementation of compliance standards
- 5+ years experience; ideally more
____________________________________________________________________________________________________________________________________
Interview Process
Task Force Talent will conduct initial interview(s). The company will then usually conduct a quick phone screen with HR, a more detailed on site interview with the CISO, and then several interviews with various parts of the company before a final interview with the CTO.