Senior Analyst - Governance, Risk Management, and Compliance
The GRC team is seeking forward-thinking, creative, technical, and talented IT compliance and security risk professionals with a strong background in regulatory controls requirements, process improvement, controls implementation, and security risk analysis.
Responsibilities:
- Evaluate, develop, manage and maintain ITGC policies, procedures, and controls for Squarespace systems (internally developed and vendor provided).
- Actively work with stakeholders across the business (Finance, Accounting, Internal Controls, Engineering, etc.) to identify, document, and track remediation of ITGC and security control gaps.
- Conduct periodic self-assessments of Squarespace’s adherence to internal policies, compliance reporting objectives and industry best practices.
- Work closely with the Squarespace Internal Controls team and external auditors.
- Communicate policy and procedure requirements to stakeholders.
- Leverage knowledge of published risk and control frameworks (ISO, NIST, CIS, SOC, etc.) to develop a customized security risk and control framework for Squarespace based on the company’s risk profile.
- Conduct security risk assessments across the organization, rank security risks, articulate risk in terms of business impact, and suggest reasonable strategies to mitigate risks.
- Work closely with Squarespace Security Engineering teams to automate control processes and integrate the process side of security with the technical side of security.
- Apply technical knowledge of Linux and access control by configuring and managing auditd access monitoring and accounting rules.
- Formally document and develop security policies (outside the scope of ITGC policies) and procedures.
- Conduct vendor security risk assessments, provide risk-based recommendations to the organization, and evaluate the company's third-party risk posture.
- Grow and establish the GRC group within Squarespace and contribute to the GRC community through participation in conferences and sharing knowledge and approaches developed through our work at Squarespace.
- Actively track project status and proactively communicate roadblocks.
Qualifications:
- 5+ years relevant experience in an IT audit/compliance/risk management role
- Experience with IT controls implementation in the context of SOX and SOC 2/3
- Data analytics background utilizing NoSQL, SQL, and/or Python is strongly preferred
- Experience working in a full Linux environment, Git, and CI/CD
- Self-motivated and capable of coaching/mentoring staff as the team grows in size
- PCI controls implementation, SAQ, and RoC experience is a plus
- Experience with identifying, tracking, reporting and remediating IT procedural and technical risk
- Working knowledge of web-based technologies and cloud environments is desired to achieve success in this role
- Big-4 is preferred
- CISA and/or CRISC certification is strongly preferred
About Squarespace
Squarespace empowers people with creative ideas to succeed. For more than a decade, we’ve empowered millions of people — from individuals and local artists to entrepreneurs building the world’s most iconic businesses — to take control of their online presence like never before. By blending elegant design and sophisticated engineering, Squarespace sets the new standard for modern publishing.
Squarespace’s team of more than 800 is headquartered in downtown New York City, with offices in Dublin and Portland. For more information, visit www.squarespace.com/about.
Perks
- Health insurance with 100% premium covered
- Flexible vacation & paid time off
- Equity plan
- 401(k) plan with employer match
- Free lunch and snacks
- Dog-friendly workplace
Today, more than a million people around the globe use Squarespace to share different perspectives and experiences with the world. Not only do we embrace and celebrate the diversity of our customer base, but we also strive for the same in our employees. At Squarespace, we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.