GRC Analyst

Ōura is an award-winning and fast-growing startup that helps people track all stages of sleep and activity using the Ōura Ring and connected app. By providing daily feedback and practical steps to inspire healthy lifestyles, we’ve helped over one million people improve their sleep, understand their bodies, and transform their health. We’re on a mission to empower every person to own their inner potential, and we’re seeking candidates who want to make an impact on our journey.

For us, empowering the world starts with living our values and empowering our team. As a quickly growing company focused on helping people live healthier and happier lives, we work to promote work-life balance and ensure that our team members have what they need to do their best work — both in and out of the office.

We are looking for a Governance, Risk and Compliance Analyst to join our Security team. Our team is responsible for protecting data, systems, and employees from security threats. Our team works together with all other teams in assessing security risks, reacting to vulnerabilities, analyzing event data, designing security controls, as well as improving processes and tools.

This role is based in the United States and can be a remote role.

• Work with internal and external stakeholders to build whitepapers, documentation, and such to explain Oura’s security posture
• Help B2B sales in answering security and privacy related questions from customers
• Manage improvements to security governance and compliance tasks
• Create process documentation, including workflows, process maps and controls
• Partial responsibility of annual security clock activities such as reviews, audits, etc
• Own Oura’s GRC system and ensure stakeholders are supported
• Work with peers to implement, monitor and maintain various security frameworks
• Help build and define security posture, and enable cyber resilience

Requirements

We would love to have you on our team if you have any of the following, but don’t worry too much if you don’t fill all the requirements:

• 5+ years of relevant experience
• Knowledge of security controls required by common security frameworks. Optimally demonstrated by CISA, CISM, CISSP, or such certification
• Experience with GRC (Governance, Risk, Compliance) work. Preferably also some experience with using and managing GRC systems
• Fundamental understanding of accepted security practices, troubleshooting issues, attack vectors, and customer support
• Solid understanding of how systems work, what security risks affect a variety of data types, applications, and cloud infrastructure
• Strong problem-solving and analytical skills
• Ability to dig for answers from engineering and explain cloud-based technologies and architectures to customers
• Good documentation skills
• Prior experience working with customers – especially B2B customers
• Great social skills to help find answers to security questions from the experts
• Understanding of ISO, SOC2, PCI, NIST and similar certification frameworks.
• Fluent English language skills
• Excellent communication, interpersonal, and collaboration skills
• Prior experience of working with cross-cultural teams

Benefits

What we offer:

At Oura, we care about you and your well-being. Everyone at Oura gets a ring of their own, and we’re continually looking for ways to improve everyone’s health and add to our benefits!

What we offer:

• Competitive salary and equity packages
• Health, dental, vision insurance, and mental health resources
• An Oura Ring of your own + employee discounts for friends & family
• Fertility benefits through Carrot Pro
• Flexible working hours and remote working arrangements
• $500 for initial WFH setup + $300 monthly wellness stipend
• $25 DoorDash credit every Friday for lunch
• 20 days of PTO + 13 paid holidays + 8 days of flexible wellness time off
• 5 days paid sick leave, four days bereavement leave, 12 weeks paid parental leave
• Amazing culture of collaborative and passionate coworkers

Oura takes a market-based approach to pay, and pay may vary depending on your location. US locations are categorized into tiers based on a cost of labor index for that geographic area. While most offers will be closer to the starting range, successful candidates’ pay will be determined based on job-related skills, experience, qualifications, work location, internal peer equity, and market conditions. These ranges may be modified in the future.

Region 1 $135,000 - $145,000

Region 2 $128,000 - $138,000

Region 3 $120,000 - $130,000

Region 4 $114,000 - $124,000

A recruiter will be able to determine your zones/tiers based on your US location.

Oura is proud to be an equal-opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. Individuals seeking employment at Oura are considered without regard to age, ancestry, color, gender (including pregnancy, childbirth, or related medical conditions), gender identity or expression, genetic information, marital status, medical condition, mental or physical disability, national origin, socioeconomic status, protected family care or medical leave status, race, religion (including beliefs and practices or the absence thereof), sexual orientation, military or veteran status, or any other characteristic protected by federal, state, or local laws. We will not tolerate discrimination or harassment based on any of these characteristics.