Staff Governance, Risk, and Compliance Analyst

San Francisco

Applications have closed

Kandji

Kandji goes beyond Apple MDM solutions by connecting device security and device management. Welcome to Device Harmony.

About Kandji
Kandji is building the future of Apple Enterprise Management. The use of Apple devices in the enterprise is growing rapidly. Drawing on decades of experience in Apple IT, we saw a dire need for a modern Apple device management platform that could accommodate growing businesses and increasing regulatory demands. 
Kandji grew to hundreds of B2B customers within a few months of initial product launch in 2019, and secured a $100 million Series C in late 2021. Today, we have a 95% Customer Satisfaction rate and a rapidly growing community of customers, including names like Crunchbase, Belkin, Rackspace, Allbirds, FabFitFun, VSCO, and Turo.
Behind our business is a handful of the best investors in tech. Together, we are creating a new category of device management that can better serve modern businesses.

The Opportunity
Kandji is looking for a Staff Governance Risk and Compliance (GRC) Analyst to add to our growing security team. This opportunity provides the ability to work with various teams to evaluate controls and perform control testing to improve the efficiency and effectiveness of the internal control programs. You will facilitate risk assessments and control reviews to accommodate new business areas as well as changes in processes. The Staff GRC Analyst will report to the VP, Security and Trust and work collaboratively with other departments.

How you will make an impact day to day

  • In support of multiple attestations (e.g. ISO27001, SOC2), plan, design and execute controls testing, controls assessment and risk management across all domains for IT General Controls and other GRC requirements, as appropriate
  • Conduct risk assessments against products, features, datasets, applications, and Third Party Risk Management (TPRM)
  • Serve as trusted advisor and technology key controls subject matter expert; partner to evaluate the design and effectiveness of the technical and operational control environment
  • Build compliance programs that facilitate growth and maturity of controls across Kandji
  • Provide direction and guidance in pre-implementation reviews of new systems and services to ensure proper controls are implemented and executed to meet compliance
  • Validate information security key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet GRC standards where applicable
  • Be a trusted advisor for in scope internal and external audits to expedite reviews and mitigate operational impacts
  • Partner to gain consensus on Compliance approaches with a proven ability to effectively communicate remediation and prevention
  • Develop strategies for ensuring organizational compliance with SOC2, GDPR, Data Privacy, federal, state, and local government compliance, or similar regulations.
  • Assist with the preparation of reports and presentations for management and regulatory agencies.
  • Assist in the development and implementation of compliance training and awareness programs.

Minimum Qualifications

  • Ten (10) years or more of relevant experience in risk-based technology compliance management programs, or Auditing experience 
  • Experience in performing risk-based testing for control compliance, including the identification, assessment, and mitigation of compliance issues: understanding how to balance the company's risk appetite to compliance needs/requirements
  • Detailed knowledge and experience with technology controls across a variety of industry frameworks and how to assess controls supporting compliance for SOC2, FedRamp, CMMC, ISO 27001, and Privacy.
  • Detailed knowledge of information security and technology compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO-27001/2, and/or COBIT
  • Experience developing dynamic approaches to the implementation of a technology compliance program utilizing a variety of testing methods, both manual and automated, to provide qualitative and quantitative results where applicable
  • Strong analytical and problem-solving skills.
  • Excellent written and verbal communication skills.
  • Ability to manage multiple priorities and deadlines.
  • Required to work on-site 3 days a week (Tuesday, Wednesday, Thursday). Managers may require additional on-site days.

Nice To Haves

  • Experience and familiarity with cloud data security and working with public cloud solutions (AWS)
  • Experience working with Governance Risk and Compliance technologies
  • Certifications such as CISA, CRISC, CISSP

Competencies

  • Values Differences
  • Communicates Effectively
  • Instills Trust
  • Action Oriented
  • Drives Results
  • Manages Complexity
  • Manages Ambiguity

These requirements are for the strongest, ideal candidate. Even if you do not outperform every bullet point, Kandji encourages you to apply. We promote a diverse, equitable, and inclusive culture and recognize that even the strongest candidates won’t have all desired experiences and qualifications.

Benefits & Perks

  • Competitive salary
  • 100% individual and dependent medical + dental + vision coverage
  • 401(k) with a 4% company match
  • 20 days PTO + Kandji Wellness Week off the first week of July
  • 14 paid holidays per year
  • 10 health and wellness days per year
  • Equity for full-time employees
  • 12 weeks of paid leave for new parents
  • Cell phone & Internet stipend
  • Exciting opportunities for career growth
  • An outstanding, inclusive culture

We are excited to be serving a significant need for a fast-growing market, and are proud of the high-performing team we have brought together so far. If you’re someone who wants to engage in new, exciting projects that will challenge your skills in the best way possible, we would love to connect with you.
At Kandji we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams, and welcome those from all backgrounds and varying experiences.
Kandji is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status or any other status protected by applicable law.

Tags: Audits AWS C CISA CISSP Cloud CMMC COBIT Compliance CRISC FedRAMP GDPR Governance ISO 27001 NIST OWASP Privacy Risk assessment Risk management SANS SOC 2

Perks/benefits: 401(k) matching Career development Cell phone stipend Competitive pay Equity Health care Medical leave Startup environment Wellness

Region: North America
Country: United States