Security Privacy, Trust, and GRC Analyst II

As the leading workforce management solution for the skilled trades, Workrise makes it easier for skilled laborers to find work, and for companies to find in-demand workers. Workrise currently operates in wind, solar, construction, oil and gas, and defense industries. We’re growing, and we’d love to learn what you can add to our team!

Workrise is hiring an Analyst II, Security Privacy, Trust, and GRC that will be responsible for assisting in the development and management of the data privacy, customer trust, and security governance, risk, and compliance functions. This role will initially support the development and maintenance of foundational elements of the functions and grow into the ownership of multiple compliance programs or functions. Our ideal candidate for this role will be someone who has multiple years of experience in the privacy, trust, or GRC space but wants to learn and grow across all functions and who is eager to learn, analytical, and diligent. 

Why Join us? Our Security Privacy, Trust, and GRC team at Workrise is helping to build a modern and  scalable platform for the future of the skilled labor workforce. You will be building and then owning security functions within the security organization. You will have the opportunity to engage with stakeholders and control owners across the organization as you work to build out all of the necessary pieces of privacy, trust, and GRC. You will have the opportunity to provide real impact in moving the ball forward for privacy, trust, and GRC to allow Workrise to scale, grow, and win new business.

What you’ll be doing:

• Assist in the development and management of the information security policies and standards in concert with stakeholders from across the organization
• Assist in the development and operation of the cyber risk management program
• Assist in the execution of cyber risk assessments for business processes, technology, and products
• Track open risk items to ensure milestones are achieved and risk owners are supported
• Support the development and management of security compliance programs for industry security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc.)
• Collaborate with control owners and other stakeholders across the organization on GRC and other security initiatives
• Assist in the maintenance of a common control framework and the implementation of GRC tooling
• Performance of security IT audits to include evidence lifecycle management, control walkthrough scheduling and execution, documentation of control GAPs, and management of corrective action plans
• Build relationships with other departments and a broad range of Workrise employees at various levels to accomplish program objectives and further Security goals
• Respond to requests from external parties regarding the state of security at Workrise (questionnaires, evidence requests, etc.)
• Assist in the development of the Customer Trust function
• Facilitate external audits by customers and certification bodies through the management of the audit lifecycle
• Assist in the response and notification process for the breach of sensitive and/or personal information

What you should have:

• Bachelor’s degree in computer science, information systems management, cybersecurity, information assurance or related field or equivalent relevant experience
• 2+ years of technical professional experience in IT audit, IT risk management, or security governance
• Solid experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc.)
• Understanding and experience with cyber risk management and mitigation
• Experience across most control domains (i.e., access management, change management, security operations, etc.)
• Working knowledge of multiple industry accepted information security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc)
• Experience with public cloud solution providers (AWS, Azure, and/or Google)
• Exposure to and/or understanding of GRC tooling
• Good written and verbal communication skills 
• Strong work ethic, critical thinking, and attention to detail 

Nice to have but not required:

• Posses multiple industry accepted information security certifications (CISA, CISSP, CRISC, CCSK, CIPPP, etc)
• Experience in the oil and gas industry

More than a job:

At Workrise you can feel good about supporting our mission to serve those who do the hard work. We recognize that making an impact matters to you and we believe in providing an environment that fosters your growth. We use data to drive our decisions and improve the experience of our workers and the clients we serve. With mutual respect for each other, we continually collaborate to find the best solution.

In appreciation for your contributions, we support you with:

• Talented peers who can help bring out your best
• Medical, dental, and vision insurance
• Flexible remote work support where applicable
• Professional development budget, wellness allowance and vacation stipend for eligible roles
• Opportunity to earn bonus, commission, and/or equity on eligible roles
• Flexible paid time off for full-time
• 401(k) with company matching contribution

Workrise is committed to providing an environment where any and all people feel belonging, respected, and free to be their authentic selves. We welcome applicants of all gender identity and expression, sexual orientation, neurodiversity, educational background, religion, ethnicity, disability, age, veteran status, and citizenship. We’d love to learn what you can add to our team.

Who we are:

In 2014, we set out to create a better way to manage and deploy Oil & Gas workers at scale through technology. Over time, we’ve grown to add Renewables in service of the energy industry. 

We’re a Series E startup, backed by industry-leading investors Founders Fund, Bedrock Capital, Andreesen Horowitz, and Baillie Gifford. To date, we’ve placed over 26,000 skilled tradespeople with over 500 businesses and are poised to grow exponentially.

We’d love to share more through the interview process and look forward to learning more about your journey.

To all recruitment agencies: Workrise does not accept agency resumes. Please do not forward resumes to our jobs alias, Workrise employees or any other organization location. Workrise is not responsible for any fees related to unsolicited resumes.