GRC Analyst
Our GRC team is looking for a creative and experienced IT compliance and security risk professional to join our growing program.
The GRC team at Squarespace sits within the Security Organization. Members of the GRC team work closely with the Security Engineering team to evaluate risk, align on mitigating controls, and crafting security policy. The GRC Analyst role will also interface with the Squarespace internal controls team, legal team, and a variety of engineering teams.
The GRC function is led by the Director of GRC and includes a GRC Team Lead, Senior GRC Analyst, and GRC Analyst. The GRC Team Lead and Senior GRC Analyst report directly to the Director of GRC, with GRC Analysts (current and future) reporting in to the GRC Team Lead.
RESPONSIBILITIES
- Evaluate and maintain ITGC procedures, and controls for Squarespace systems (internally developed and third-party).
- Collaborate with partners across the business (Finance, Accounting, Internal Controls, Engineering, etc.) to track remediation of ITGC and security control gaps.
- Conduct self-assessments/audits to confirm Squarespace’s adherence to internal policies, compliance goals, and industry best practices.
- Help support external audits of our SOX and PCI control environments
- Perform detailed ITGC testing for in scope SOX systems. Document and communicate findings with the GRC team and, where necessary, process owners.
- Assist with security and enterprise risk assessments across the organization.
- Partner with Security Engineering to formally document security policies (outside the scope of ITGC policies) and procedures.
- Conduct vendor security risk assessments for any third-party SaaS software solutions being considered for use. Provide feedback to the key stakeholders based on the assessment and a recommendation to move forward or disengage.
- Grow and establish the GRC function at Squarespace through collaboration with Engineering teams and cross functional partnerships with Finance, Accounting, Legal, CustOps, Product, and Strategy.
- Track project status and communicate road blocks with proposed solutions.
QUALIFICATIONS
- Relevant experience in an IT audit/compliance/risk management role
- Experience with IT controls implementation in the context of SOX and SOC 2/3
- Experience working in a full Linux environment, Git, and CI/CD
- Eager to learn from more seasoned GRC and Security Engineering professionals
- PCI controls implementation & SAQ experience is a plus
- Experience identifying, tracking, reporting and remediating IT procedural and technical risk
- Working knowledge of web-based technologies and cloud environments is a plus
- Big-4 is preferred
- CISA certification (or at a minimum, successful completion of the CISA examination) is strongly preferred
About Squarespace
Squarespace makes beautiful products to help people with creative ideas succeed. By blending elegant design and sophisticated engineering, we empower millions of people — from individuals and local artists to entrepreneurs shaping the world’s most iconic businesses — to share their stories with the world. Squarespace’s team of more than 1,000 is headquartered in downtown New York City, with offices in Dublin and Portland. For more information, visit www.squarespace.com/about.
Benefits & Perks
- Health insurance with 100% premium covered for you and your dependent children
- Flexible vacation & paid time off
- Up to 20 weeks of paid family leave
- Equity plan for all employees
- Retirement benefits with employer match
- Fertility and adoption benefits
- Free lunch and snacks at all offices
- Education reimbursement
- Dog-friendly workplace in New York office
- Commuter benefit in the form of reduced tax (Ireland) and pretax (US)
Today, more than a million people around the globe use Squarespace to share different perspectives and experiences with the world. Not only do we embrace and celebrate the diversity of our customer base, but we also strive for the same in our employees. At Squarespace, we are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, national origin, gender, sex, gender identity or expression, sexual orientation, age, citizenship, marital or parental status, disability, veteran status, or other class protected by applicable law. We are proud to be an equal opportunity workplace.