Information Risk Analyst, GRC
Remote North America
MongoDB
Get your ideas to market faster with a developer data platform built on the leading modern database. MongoDB makes working with data easy.
The worldwide data management software market is massive (IDC forecasts it to be $136 billion by 2027!). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.
MongoDB is seeking an Information Risk Analyst to support our MongoDB GRC (Governance, Risk and Compliance) Program’s information risk management process.
MongoDB aligns its practices to multiple compliance frameworks in order to support our customers' needs. As we continue to grow, MongoDB is expanding to support more compliance frameworks. The Information Risk Analyst will support information risk assessment, remediation and reporting activities, inform internal stakeholders of their information risk management requirements, and assist with customer requests for compliance and security information.
The Information Risk Analyst should be able to support and set up all periodic information risk assessments, create and support risk management options, and assist with the growth and expansion of the information risk program in terms of the scope of the assets evaluated and the types of risk reviews supported (Escalation, Change, Internal Product Reviews).
They should be able to support Information Risk Program requirements during compliance audits through an understanding of the underlying risk management frameworks (NIST SP 800-53, NIST SP 800-30, NIST SP 800-37, NIST SP 800-39, NIST CSF, ISO 27001, ISO 27005), and have technical knowledge of information and cloud security controls.
This is a critically important role and a great opportunity to help build out an internal GRC Program and help scale MongoDB Inc. to support our customers' needs. MongoDB is a breakthrough company that is disrupting a $74B market, expected to grow to $121B by 2025. This position has significant growth potential and we’re looking for someone who is excited to take initiative and help lead.
This role will be based remotely in North America.
The right candidate for this role will have:
- Hands-on experience working with enterprise and/or information risk management frameworks (i.e., NIST SP 800-53, NIST SP 800-30, NIST SP 800-37, NIST SP 800-39, NIST CSF, ISO 27001, ISO 27005)
- Understanding of Cloud Environments (AWS, GCP, Azure) especially focusing on security controls and features
- Understanding of Information Security Controls through basic technical knowledge of Information Security domains, controls and their implementation
- Experience with risk management, audit and/or consulting is beneficial
- Minimum 3 years' experience performing risk management, GRC activities or compliance programs
- Familiarity with compliance frameworks such as ISO27001, SOC2, PCI, HIPAA, etc.
- Familiarity with MITRE ATT&CK framework, STRIDE, OWASP Top 10 for internet and cloud vulnerabilities
- The ability to work in a fast-paced tech environment, managing multiple large scale projects simultaneously
- Ability to communicate clearly to various levels of management and across various business functions (including engineering)
- Bachelor’s degree in Computer Science, Cyber Security, Information Security, Information Systems Management, Information Technology Auditing or related relevant field
- An entrepreneurial spirit -- thrive in our dynamic work environment, contributing to our continued growth and success
- Interface with MongoDB internal engineering stakeholders to drive information risk processes and requirements
- Support the MongoDB information risk management program, with focus areas being information risk assessment and remediation cycles
- Support periodic internal and external audits, as needed
- Respond to customer information requests as they relate to information risk management
- Assist in the development of Key Risk Indicators to reinforce the GRC Programs
- Participate in periodic review of policies to ensure their alignment with company objectives, security imperatives, and evolving requirements within the Information Risk Program
- Position is expected to be REMOTE, with an opportunity to go into the office if needed, and based on the candidate’s geographical location
The Information Risk Analyst will be successful in this role when they can execute the following strategic tasks:
- People: Collaborate with leads to understand our customers' risk and compliance requests and the necessary risks/gaps to address
- Organization: Ability to support multiple parallel efforts and prioritize tasks based upon understanding of team needs
- Communication: Successfully communicate recommendations and rationale to both technical and non-technical stakeholders
- Research: Gather and analyze feedback from internal stakeholders and develop pragmatic recommendations with respect to information risk initiatives
- Customer Service: Ensure MongoDB’s GRC Program operates efficiently with minimal interruption to MongoDB teams. Provide great customer service when interfacing with other MongoDB Teams
To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!
MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.
MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.