GRC Analyst
About Clear Street:
Clear Street is building modern infrastructure for capital markets. Founded in 2018 by industry veterans, Clear Street is an independent, non-bank prime broker designed to solve the industry’s most neglected problem: legacy technology.
We have built a proprietary, cloud-native, clearing and custody system to replace the legacy infrastructure used across capital markets, improving speed, access, and service for our clients. Today, we offer emerging managers and institutions everything they need to trade U.S. equities and options. In the future, our single-source platform will serve multiple investor types, across multiple asset-classes, on a global scale.
By combining highly-skilled product and engineering talent with seasoned finance professionals, we’re building the essentials to compete in today’s fast-paced markets.
The Team:
As a member of the governance, risk, and compliance (GRC) team, you’ll have the opportunity to shape Clear Street’s maturing security program and influence the security foundation for all our products and services.
The Role:
- Have a chance to build and grow GRC capabilities from the ground up. You will help design, implement, and run our overall GRC strategy.
- Focus as much on little “c” compliance (i.e., ensuring we’re doing the right things to keep our business safe and secure) as big “C” Compliance (i.e., formal audits and assessments). A good GRC function focuses on reaching the business’ security objectives, not just checking boxes.
- Support our SOC 2 and ISO 27001/27701 preparation and audit activities. Also, you can help select tooling to make evidence collection bearable!
- Perform periodic review of controls, identify weaknesses, and assist with remediation.
- Assist in writing and maintaining our internal and external security and privacy policies.
- Serve as a GRC subject matter expert for departments within the company.
- Respond to inbound cybersecurity and privacy third-party assessment requests.
- Assist with our incident response tabletop exercises.
- Be supported in your professional growth in cybersecurity and privacy.
- Have unique opportunities for learning in a fast-growing financial startup.
Requirements:
- Experience in GRC. That can mean a lot of things ranging from being a member of a formal GRC team to “I was the person filling out all the third party risk stuff.”
- Detailed knowledge of compliance frameworks such as NIST CSF, SOC 2, ISO 27001, and ISO 27701.
- General working knowledge of core cybersecurity, privacy, and related concepts such as least privilege, cloud infrastructure and cloud SaaS, GDPR, CCPA, and security operations.
- Experience conducting security assessments, risk assessments, security control reviews, and external security audits, including recommending compensating/mitigating controls to reduce risk.
- A desire to do GRC differently. Clear Street is focused on building and maturing GRC functions that reduce friction and support our business needs, not building a wall of process in front of everything.
- Having written a privacy policy that is understandable by non-lawyers is preferred.
- Some experience with public speaking is preferred but not required. Our security team focuses on outreach and communication, and there are many opportunities to “take the stage” with internal audiences through training, tabletop simulations, and analysis activities.
- Never saw a thread you didn’t pull. In other words, critical thinking. If this…then that…then uh-oh.
We Offer:
The Base Salary Range is 100,000-120,000. These ranges are representative of the starting base salaries for this role at Clear Street. Which range a candidate fits into and where a candidate falls in the range will be based on job related factors such as relevant experience, skills, and location. These ranges represent Base Salary only, which is just one element of Clear Street's total compensation. The ranges stated do not include other factors of total compensation such as bonuses or equity.
At Clear Street, we offer competitive compensation packages, company equity, 401k matching, gender neutral parental leave, and full medical, dental and vision insurance.
Our top priority is our people. We’re continuously investing in a culture that promotes collaboration. We help each other through challenges and celebrate each other's successes. We believe that modern workplaces succeed by virtue of having high-performance workforces that are diverse — in ideas, in cultures, and in experiences. We put in the effort to make such a workplace a daily reality and are proud to be an equal opportunity employer.