GRC Analyst

Responsibilities: 

  • Contribute to the ongoing development the Information Security GRC activities, strategy, and roadmap.
  • Assist with operating IT Risk Assessment, Vendor Management, and Risk Management programs.
  • Evaluate effectiveness and perform internal testing of security controls.
  • Support internal and external audits.
  • Collect and maintain evidence of compliance with information security policies and regulatory requirements.
  • Coordinate written responses from customers and prospects on Information Security controls and regulatory compliance.
  • Review and update information security policies, procedures, standards, and other InfoSec documentation.
  • Assist in maintaining Information Security documentation repository.
  • Support vendor due diligence, security assessments and review processes.

Qualifications:
  • 1-3 years of full-time work experience in IT audit or IT risk management. Experience in leading security assessments, IT vendor risk assessments, and InfoSec control management.
  • Basic understanding of technical aspects of information security.
  • Working knowledge of common IT technologies and processes.
  • Understanding of common Information Security and Information Technology frameworks and standards, such as ITIL, COBIT, NIST, SOC-2 Type II and ISO27000 series.
  • Thorough understanding of risk management principles and methodologies.
  • Ability to transform abstract regulatory requirements into cohesive compliance actions.
  • Good communication skills including ability to present technical subjects to non-technical audiences.
  • Strong work ethic, attention to detail, and organizational skills.
  • Ability to multi-task and manage priorities in a fast-paced environment.
  • Ability to collaborate in a team setting and moderate conversations involving cross-functional groups.
  • Conceptual understanding of software development methodologies.
  • Proficient with the Microsoft office suite; presentation development skills.
  • Working knowledge of PII, PHI, financial data regulations, data residency requirements, and international regulatory aspects pertaining to sensitive information.
  • General knowledge of tools services commonly employed within InfoSec is a plus.
  • Experience with application security, SaaS, or cloud security is a plus.
  • CISSP, CISA, or a similar risk management, audit, or security certification.


Meet Some of BlackLine's Employees

Jaclyn D.

Account Manager

Jaclyn’s the main point of contact for her customers. She learns about their business goals, shows them how BlackLine can help, and ensures they’re always getting value from BlackLine’s financial solutions.

Jason L.

North America Business Development Manager

Jason manages a demand generation team. They search for prospective clients, introduce them to BlackLine, and educate them on the company’s solutions before passing them onto the sales team.


Back to top