GRC Analyst
New York City, United States - Remote
Oura Health Ltd
Enhance your health journey with Oura. The Oura Ring provides round-the-clock insights into sleep, fitness, and stress for wellness. Now HSA/FSA eligible.
Our mission at Oura is to empower every person to own their inner potential. Our award-winning products help our global community gain a deeper knowledge of their readiness, activity, and sleep quality by using their Oura Ring and its connected app. We've helped 2.5 million people understand and improve their health by providing daily insights and practical steps to inspire healthy lifestyles.
Empowering the world starts with living our values and empowering our team. As a quickly growing company focused on helping people live healthier and happier lives, we ensure that our team members have what they need to do their best work — both in and out of the office.
We are looking for a Governance, Risk, and Compliance (GRC) Analyst to join our growing team. You will play a critical role in managing and improving our GRC activities, aligning them with our organization's strategic objectives.
What you will do:
- Conduct and manage Vendor Risk Assessments (VRAs) [TPRM].
- Conduct and manage Client Risk Assessments (CRAs) [Security Questionnaires].
- Develop and implement Product Risk Assessments (PRAs).
- Collaborate on GRC programs ensuring alignment with broader security strategy.
- Review, create, and update policies and procedures to ensure compliance with relevant laws, regulations, and standards.
- Manage our external audit program, including engaging necessary teams during audit periods.
- Collaborate with internal stakeholders to improve our Business Continuity Plan (BCP), Continuity of Operations Plan (COOP), Business Impact Analysis (BIA), and Incident Response Plan (IRP).
- Conduct User and Access Audits, assessing the effectiveness of our offboarding and Role-Based Access Control (RBAC) privilege provisioning processes.
- Perform internal compliance audits, ensuring that we are measuring the efficacy of compliance activities in our security programs.
This is a remote US role with a slight preference for candidates based in the Eastern and Central time zones.
Requirements
We would love to have you on our team if you have:
- Proven technical experience and knowledge of IT systems and web applications.
- Proven experience in a GRC role, ideally within a similar industry.
- Strong knowledge of relevant laws, regulations, and standards.
- Experience with risk management, audit management, and policy and procedure development.
- Excellent problem-solving skills and attention to detail.
- Relevant professional certifications (e.g., CISA, CISM, CISSP) would be an advantage.
Benefits
At Oura, we care about you and your well-being. Everyone here at Oura has a ring of their own and we are continually looking to improve employee health and add to our benefits!
What we offer:
- Competitive salary and equity packages
- Health, dental, vision insurance, and mental health resources
- An Oura Ring of your own plus employee discounts for friends & family
- 20 days of paid time off plus 13 paid holidays plus 8 days of flexible wellness time off
- Paid sick leave and parental leave
- Amazing culture of collaborative and passionate coworkers
A recruiter can determine your zones/tiers based on your US location.
To all recruitment agencies: Oura does not accept agency resumes. Please do not forward resumes to our jobs alias, Oura employees, or any other organization's location. Oura is not responsible for any fees related to unsolicited resumes.
Oura takes a market-based approach to pay, which may vary depending on your location. US locations are categorized into tiers based on a cost of labor index for that geographic area. While most offers will be closer to the starting range, successful candidates' pay will be determined based on job-related skills, experience, qualifications, work location, internal peer equity, and market conditions. The range for this position is under review and will be posted soon.
Oura is proud to be an equal-opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. Individuals seeking employment at Oura are considered without regard to age, ancestry, color, gender (including pregnancy, childbirth, or related medical conditions), gender identity or expression, genetic information, marital status, medical condition, mental or physical disability, national origin, protected family care or medical leave status, race, religion (including beliefs and practices or the absence thereof), sexual orientation, military or veteran status, or any other characteristic protected by federal, state, or local laws. We will not tolerate discrimination or harassment based on any of these characteristics.
We will work to ensure individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions, and to receive other benefits and privileges of employment.
Tags: Audits CISA CISM CISSP Compliance Governance Incident response Risk assessment Risk management Security strategy Strategy
Perks/benefits: Competitive pay Equity / stock options Flex vacation Health care Insurance Medical leave Parental leave Wellness