Information Risk Analyst, GRC

Remote North America

Applications have closed


Get your ideas to market faster with a developer data platform built on the leading modern database. MongoDB makes working with data easy.

View company page

The worldwide data management software market is massive (IDC forecasts it to be $136 billion by 2027!). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.

MongoDB is seeking an Information Risk Analyst to support our MongoDB GRC (Governance, Risk and Compliance) Program’s information risk management process.

MongoDB aligns its practices to multiple compliance frameworks in order to support our customer’s needs. As we continue to grow, MongoDB is expanding to support more compliance frameworks. The Information Risk Analyst will support information risk assessment and remediation efforts involving information risk assessments, remediation and reporting activities, inform internal stakeholders of their information risk management requirements and assist in customer requests for compliance and security information.

The Information Risk Analyst should be able to support and setting up all periodic information risk assessments, creation and support of risk management options, assist with the growth and expansion of information risk program in terms of scope of the assets evaluated, and the types of risk reviews supported (Escalation, Change, Internal Product Reviews).

They should be able to support Information Risk Program requirements during compliance audits, through understanding of underlying risk management framework (NIST SP 800-53, NIST SP 800-30, NIST SP 800-37, NIST SP 800-39, NIST CSF, ISO 27001, ISO27005) and have technical knowledge of Information and Cloud security controls.

This is a critically important role and a great opportunity to help build out an internal GRC Program and help scale MongoDB Inc. to support our customer’s needs. MongoDB is a breakthrough company that is disrupting a $74B market, expected to grow to $121B by 2025. This position has significant growth potential and we’re looking for someone who is excited to take initiative and help lead. 

This role will be based remotely in North America.

The right candidate for this role will have:

  • Hands on experience working with enterprise and/or information risk management frameworks (i.e., NIST SP 800-53 NIST SP 800-30, NIST SP 800-37, NIST SP 800-39, NIST CSF, ISO27001, ISO27005) 
  • Understanding of Cloud Environments (AWS, GCP, Azure) especially focusing on security controls and features
  • Understanding of Information Security Controls through basic technical knowledge of Information Security domains, controls and its implementation
  • Experience with  risk management, audit and/or consulting is beneficial
  • Minimum 3 years experience of performing risk management, GRC activities or compliance programs 
  • Familiarity with compliance frameworks such as ISO27001, SOC2, PCI, HIPAA, etc.  
  • Familiarity with MITRE ATT&CK framework, STRIDE, OWASP Top 10 for internet and cloud vulnerabilities
  • The ability to work in a fast-paced tech environment, managing multiple large scale projects simultaneously
  • Ability to communicate clearly to various levels of management and across various business functions (including engineering)
  • Bachelor’s degree in Computer Science, Cyber Security, Information Security, Information Systems Management, Information Technology Auditing or related relevant field
  • An entrepreneurial spirit -- thrive in our dynamic work environment, contributing to our continued growth and success

Position Expectations 

  • Interface with MongoDB internal engineering stakeholders to drive information risk processes and requirements
  • Support the MongoDB information risk management program, with focus areas being information risk assessment and remediation cycles
  • Support periodic internal and external audits, as needed
  • Respond to customer information requests as they relate to information risk management
  • Assist in the development of Key Risk Indicators to reinforce the GRC Programs
  • Participate in periodic review of policies to ensure their alignment with company objectives, security imperatives, and evolving requirements within the Information Risk Program
  • Position is expected to be REMOTE, with an opportunity to go into the office if needed, and based on the candidate’s geographical location

Success Measures

The Information Risk Analyst  will be successful in this role when they can execute the following strategic tasks: 

  • People: Collaborate with leads to understand our customer's risk and compliance requests and necessary risks/gaps to address
  • Organization: Ability to support multiple parallel efforts and prioritize tasks based upon understanding of team needs
  • Communication: Successfully communicate recommendations and rationale to both technical and non-technical stakeholders
  • Research: Gather and analyze feedback from internal stakeholders and develop pragmatic recommendations with respect to information risk initiatives
  • Customer Service: Ensure MongoDB’s GRC Program operates efficiently with minimal interruption to MongoDB teams. Provide great customer service when interfacing with other MongoDB Teams

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Audits AWS Azure Cloud Compliance Computer Science GCP Governance HIPAA ISO 27001 ISO 27005 MITRE ATT&CK MongoDB NIST OWASP Risk assessment Risk management SOC 2 Vulnerabilities

Perks/benefits: Career development Fertility benefits Parental leave

Regions: Remote/Anywhere North America
Job stats:  51  16  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.