Senior Information Security GRC Analyst at Onna
* This role can be on-site/hybrid remote in our North Carolina or New York offices, as well as fully remote from the US.
* You must have authorization to work in the location the position is posted.
We’re Onna: A passionate, hard-working team solving one of the biggest challenges facing today’s businesses — knowledge fragmentation. We’ve built the world’s first Knowledge Integration Platform to make enterprise knowledge more accessible, useful, and private. We help some of the world’s leading companies like Facebook, Slack, Electronic Arts, and Fitbit, to bring together fragmented knowledge from today’s most popular workplace applications. With our platform, teams can unify, protect, search, automate, and build on top of their organization’s proprietary knowledge, allowing them to leverage it in new and intuitive ways.
As an Information Security GRC Analyst, your objective is to lead the day-to-day information security compliance, governance, and risk management functions, supporting a program that builds client trust in the organization and its products. The role includes managing audits and assessments, aligning cross-functional groups with security practices, improving the security posture of the organization, and defining and managing privacy and security standards in support of legal and regulatory compliance needs that aid in business growth. The candidate will be a member of the Information Security department and will report to the Director of Security.
What You’ll Do
- Implements a risk assessment framework, security controls, and a program that aligns to regulatory and business requirements, ensuring documented and sustainable compliance that advances company objectives.
- Performs regular risk assessments, works with stakeholders by assisting with the selection of controls, monitors treatment, and prepares status reports.
- Collaborates across the organization in reducing risk associated with vulnerabilities, works with groups on developing and reporting mitigation strategies, and ensures alignment with security controls/policy.
- Aids Director of Security in building strong governance, communicating proper security practices, building awareness, and relating the impact of risk to the business.
- Oversees GRC platforms and artifact and evidence generation, leads stakeholders through audit processes, and continuously monitors controls, exceptions, risk, and testing.
- Prepares, plans, runs, and supports information security audits (internally and with external auditors, aligning with company controls, ISO 27001, SOC2) and aligns with various cybersecurity frameworks (CIS, NIST) and regulations (GDPR, CCPA), as appropriate.
- Assists with alignment of security and privacy controls to help drive privacy initiatives.
- Oversees GRC platform, supports inventory of controls and framework mappings, maintains and reports on risk register, and supports security policy and standards development process.
- Communicates with prospective and current customers about security, risk, and compliance questions; assists in responses to RFI/RFP inquiries, surveys, and security assessment questionnaires; helps maintain security media packages for building customer trust; and maintains CAIQ surveys.
Who you are:
- 5+ years' experience in information security and/or related functions (Governance, Risk and Compliance (GRC)), IT audit, or IS risk management.
- Significant experience with ISO 27001 and SOC2 audits and ISO certification processes.
- Familiarity with ISMS and security controls, particularly ISO 27000 series, CIS, and NIST.
- Experience with auditing (preferably security control frameworks).
- Working knowledge of privacy, compliance, and regulatory requirements, such as GDPR and international, federal, and state privacy laws.
- Advanced knowledge of information security concepts and technical controls.
- Prior experience with governance, risk, and compliance management in a global environment.
- Relevant industry certifications such as CISSP, GIAC, CISA, and CISM preferred.
- Experience with cloud infrastructure such as GCP preferred.
Benefits we offer:
We've entered a new era of remote work, where our day-to-day is now virtual, and we're committed to adapting to embrace this change.
- Competitive salary package
- 401(k) with matching contribution
- Comprehensive medical, vision, and dental coverage
- Flexible vacation and PTO policies
- Flexible working time
- Remote and semi-remote work opportunities
- Monthly virtual fitness and well-being stipend
- Learning and development budget
- Monthly virtual team Lunch-and-Learns and Happy Hours
- Birthday and anniversary celebration
About us, our product, and our funding:
Our growing list of integrations features tools that are essential to our customers’ daily workflows like Slack, Zoom and Dropbox. Once connected to Onna, the potential use cases are limitless: Information Governance, eDiscovery, Compliance, Knowledge Management, are just a few ways Onna can empower organizations and their employees.
We're a distributed team with locations in New York City, Barcelona, Raleigh-Durham, San Francisco, London & Toulouse, and many remote team members throughout the US. Onna is actively growing and we're thrilled to welcome new team members from across the world to a work environment that is collaborative, flexible, fast-paced, and lighthearted.
Onna aspires to be a place where people can bring their whole selves to work. We value empathy, grit, and balancing a sense of ownership of our work alongside appreciation for our teammates' accomplishments and effort. Your career growth is important, and we'll provide you with the tools, resources, and manager support to gain experience and further develop your skills.
In 2019, we closed an $11M Series A led by Dawn Capital with the participation of our integration partners Slack Fund and Dropbox, and in 2020 we closed a $27M Series B led by Atomico with participation from Glynn Capital, as well as follow-up investments from Dawn Capital, Nauta Capital, and Slack Fund.
Onna is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. You must have authorization to work in the location the position is posted.