Security Analyst: Governance, Risk, and Compliance

United States

Applications have closed

Arcadia

Arcadia unlocks access to global utility data. Our technology powers the next generation of climate solutions, giving anyone the tools to electrify and decarbonize.

Arcadia is the technology company empowering energy innovators and consumers to fight the climate crisis. Our software and APIs are revolutionizing an industry held back by outdated systems and institutions by creating unprecedented access to the data and clean energy needed to make a decarbonized energy grid possible.

In 2014, Arcadia set out on its mission to break the fossil fuel monopoly, and since then we have been knocking down the institutional barriers to unlock decarbonization. To date, we have connected hundreds of thousands of consumers and small businesses with high-quality clean energy options. Fast forward to today, and we’re thinking even bigger. We have launched Arc, an industry-defining SaaS platform that empowers developers and energy innovators to deliver their own custom, personalized energy experiences, accelerating the transformation of the industry from an analog energy system into a digitized information network.

Tackling one of the world’s biggest challenges requires out-of-the-box thinking & diverse perspectives. We’re building a team of individuals from different backgrounds, industries, & educational experiences. If you share our passion for ushering in the era of the clean electron, we look forward to learning what you would uniquely bring to Arcadia!

What we’re looking for:

We are seeking an InfoSec Governance, Risk, and Compliance (GRC) Analyst to maintain and advance Arcadia’s security posture. This role requires managing and executing a growing slate of activities related to information security risk management practices at Arcadia, including maintaining our SOC 2 certification, security policy/document management, third-party security reviews, and internal assessments.

Arcadia is headquartered in Washington, DC, and open to fully remote candidates.

What you'll do:

  • Steer Arcadia security activities toward a strategic program that is directly connected to business value.
  • Govern and maintain SOC 2 compliance.
  • Perform and manage periodic security assessment and audit activities, particularly those required by business partners or compliance frameworks/regulations.
  • Develop and maintain organizational security policies and related documentation.
  • Report to audiences across the company on Arcadia’s developing maturity across security domains.
  • Identify and measure meaningful metrics that help to clarify how we can improve our security practices.
  • Collaborate closely and maintain alignment with key stakeholders.

What will help you succeed:

Must-haves:

  • 2+ years of experience with InfoSec GRC activities.
  • Experience with security compliance frameworks (e.g., SOC 2, ISO 27001, NIST CSF).
  • Outstanding communication skills. 
  • Rigorous execution, reporting, and tracking for follow-through. 
  • Analytical and creative mindset for exploring risks and learning new concepts.
  • Orientation around delivering security results that are aligned with business needs.
  • Working knowledge of cloud services, including major infrastructure/platform-as-a-service providers (e.g., AWS), and related security considerations (e.g., identity and access management, third-party risk management).

Nice-to-haves:

  • Hands-on experience with GRC tools.
  • Experience with engineering and automating compliance activities.

Benefits:

  • "Remote first" culture - work anywhere in the US as long as you have a reliable internet connection
  • Flexible PTO - no accrued hours and no limit on the number of vacation days employees can take each year
  • 15 annual company-wide holidays, including a week-long "summer break"
  • 10 days sick leave
  • Up to 4 weeks bereavement leave
  • 2 volunteer days off
  • 2 professional development days off
  • 12 weeks paid parental leave for all parents
  • Weekly "flex time" - no internal meetings on Tuesdays and Friday afternoons
  • 80-95% employer cost coverage for medical, dental, and vision benefits for employees and dependents
  • Annual budget to use on conferences, books, classes, workshops or anything that contributes to professional development
  • A supportive engineering culture that values diversity, empathy, teamwork, trust, and efficiency

Eliminating carbon footprints, eliminating carbon copies. 

Here at Arcadia, we cultivate diversity, celebrate individuality, and believe unique perspectives are key to our collective success in creating a clean energy future. Arcadia is committed to equal employment opportunity regardless of race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, protected veteran status, or any status protected by applicable federal, state, or local law. While we are currently unable to consider candidates who will require visa sponsorship, we welcome applications from all qualified candidates eligible to work in the United States.

Tags: APIs AWS Cloud Compliance Governance ISO 27001 NIST Risk management SaaS Security assessment SOC 2

Perks/benefits: Career development Conferences Equity Flex hours Flex vacation Health care Medical leave Parental leave Startup environment Team events

Region: North America
Country: United States