Governance Risk and Compliance Analyst

North America

Corelight

Disrupt future attacks with complete network visibility, next-level analytics, faster investigations, and expert threat hunting.


By making evidence the heart of security, we help customers stay ahead of ever-changing cyber-attacks.

Corelight is the cybersecurity company that transforms network and cloud activity into evidence.  Evidence that elite defenders use to proactively hunt for threats, accelerate response to cyber incidents, gain complete network visibility and create powerful analytics using machine-learning and behavioral analysis tools.  Easily deployed, and available in traditional and SaaS-based formats, Corelight is the fastest-growing Network Detection and Response (NDR) platform in the industry.  And we are the only NDR platform that leverages the power of Open Source projects in addition to our own technology to deliver Intrusion Detection (IDS), Network Security Monitoring (NSM), and Smart PCAP solutions.  We sell to some of the most sensitive, mission critical large enterprises and government agencies in the world.

If you thrive in a fast-paced environment where attention to detail and a proactive approach are essential and are passionate about information security and ensuring compliance, our Governance, Risk, and Compliance Analyst role at Corelight might be the perfect fit for you!

Role:

  • Play a key role in supporting Corelight's information security governance, risk management, and compliance processes. This includes staying up-to-date on relevant regulations and industry standards, identifying and mitigating risks, and ensuring compliance with internal policies.
  • Monitor and report on internal compliance against external regulations and industry standards. You will be responsible for gathering data, analyzing it, and creating reports that communicate the organization's compliance posture to stakeholders.
  • Provide support to the information security and privacy as needed. This might involve tasks such as assisting with audits, investigations, and incident response activities.

Responsibilities:

  • An understanding of information security governance, risk management, and compliance frameworks.
  • Experience in monitoring and reporting on compliance against external regulations and industry standards.
  • Excellent analytical and problem-solving skills.
  • The ability to work independently and as part of a team.
  • Strong communication and writing skills.
  • Ability to work effectively with stakeholders at all levels.
  • Strong organizational and time management skills.

Qualifications

  • Bachelor’s Degree/equivalent in Business, Cyber security, Information Systems.
  • Three (3) to five (5) years of work experience in governance, risk, and compliance or a security field.
  • Must be open to obtaining industry-specific compliance certifications.
  • Experience with developing and implementing GRC policies and procedures.
  • Experience with conducting internal and external audits and investigations.

Preferred:

Governance:

  • Develop and implement policies and procedures to ensure compliance with internal and external regulations, industry standards, and best practices.
  • Collaborate with various departments to ensure alignment with governance policies and procedures.
  • Promote training campaigns to help support a culture of ethical behavior and compliance within the organization.
  • Familiarity with frameworks such as ISO 2700x, NIST 800-53, and SOC 2.

Risk Management:

  • Monitor and update risk assessments on a regular basis.
  • Work with the GRC Director to identify the root cause of risks and identify effective mitigation strategies.
  • Understand Risk management framework documentation as it relates to various security assurance frameworks.

Compliance:

  • Monitor and track compliance with relevant regulations (e.g., information system, data privacy).
  • Stay up to date on changes in relevant regulations and adapt compliance practices accordingly.
  • Maintain accurate and up to date GRC documentation.
  • Provide training and support to employees on GRC policies and procedures.
  • Work with the GRC Director to implement GRC software solutions.
  • Comfortable and effective in building partnerships throughout internal business divisions.
  • Ability to research regulations and interpret their meaning.

We are proud of our culture and values: driving diversity of background and thought, low-ego results, applied curiosity and tireless service to our customers and community. Corelight is committed to a geographically dispersed yet connected employee base with employees working from home and office locations around the world. Fueled by an accelerating revenue stream and investments from top-tier venture capital organizations such as CrowdStrike, Accel and Insight, we are rapidly expanding our team.

Check us out at www.corelight.com

Perks/benefits: Startup environment Team events
