Senior Security Governance Analyst

Senior Security Governance Analyst

This role is for someone who is looking to positively impact Rapid7 with their information security knowledge by contributing to Security Trust & Governance operations. An information security, governance & compliance and/or information technology background would set you up for success in this position. Your ability to successfully carry out cross-functional work will require strong communication skills, patience, and a solution-oriented attitude.

You'll join us in our new Prague (Czech Republic) office and work with an energized team that cares deeply about the success of these initiatives, and leadership that values work-life balance, an inclusive culture, and your ongoing career development.

• Drive security compliance efforts identifying, analyzing and enabling requirements and controls implementation, to set up a high bar at Rapid7 and meet our customers and auditors expectations.
• Act as an security-SME-in-the-middle between external stakeholders and internal experts to ensure accurate security responses tied to our regulatory and contractual requirements.
• Constantly influence Rapid7 to improve its security posture leveraging compliance and security frameworks adapting them to contextual needs.
• Address questions about Rapid7's internal security program from customers, prospects, and auditors. This will often require working with other members of the Information Security team, and with other Rapid7 teams, including Engineering, Product Management, Content Strategy, and Legal.
• Work in different initiatives simultaneously managing expectations with all stakeholders.
• Assist lead members of the security team with tasks related to:
  
  
  • General information security risk management and assessment initiatives
  • Identify risks while evaluating the design and operational effectiveness of controls to report opportunities for improvement
  • Define and product metrics for Management consumption
  • Aiding in security awareness and culture initiatives throughout the company
  • Compliance program maintenance and audit management
  • Policy and standard development
  • Workflow/process improvements

• 5+ years of experience in information security, information technology, audit/compliance management, data privacy/management, or an adjacent field.
• Ability to analyze security requirements, identify gaps and help to define corrective actions..
• Strong project management abilities, including ability to coordinate initiatives across technical and non-technical teams/stakeholders and managing distributed teams and projects.
• Experience collaborating closely with security partners, including incident response, red teams, architects, and engineers to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations.
• Strong communication skills with the ability to translate complex technical concepts into business language
• Experience with security standards/frameworks such as ISO 27001, SOC2, PCI, FedRAMP, NIST CSF, CIS CSC, etc.
• Knowledge of public cloud environments, sdlc and access management process among others.
• Interested in emerging technologies such as Artificial Intelligence or Quantum Computing and in general with the fast evolving threat landscape.