Junior GRC Risk Analyst

Jobright is an AI-powered career platform that helps job seekers discover the top opportunities in the US. We are NOT a staffing agency. Jobright does not hire directly for these positions. We connect you with verified openings from employers you can trust.

Job Summary:

Tanium is a leading provider of real-time cloud-based endpoint management and security solutions. The GRC Risk Analyst will conduct compliance assessments, develop policies, and manage risks while ensuring the organization adheres to regulatory requirements and industry standards.

Responsibilities:

• Executes audits and risk assessments, communicates results of findings and makes recommendations for improvement through concise, high-quality reports

• Ensures company management is knowledgeable of the risks of noncompliance to information security standards and regulatory requirements

• Writes and revises policies, standards, procedures, guidelines and other documentation based on Tanium’s business needs

• Participates in Information Security, Information Technology and Product Security projects driving the implementation of new process improvements and risk treatments

• Works closely with Information Security, Information Technology, Product Security and System Owners to review and respond to security questionnaires and due diligence requests

• Assists in the assessment and review of new vendors to ensure adequate levels of controls are in place to maintain compliance with security requirements

• Prepares reports summarizing risk assessment findings and presents them to management

• Recommends changes in business processes or policies to manage risks.

• Ensures compliance with regulatory requirements related to risk management

• Monitors risks, proposing preventive measures and solutions to prevent future risks

• Collaborates with key stakeholders to communicate risk status and initiatives

Qualifications:

Required:

• Bachelor's Degree in Computer Science, Engineering or equivalent experience

• 1-3 years in information technology / information security auditing, preferably within a software engineering environment

• Technical knowledge of fundamental audit and risk concepts within the context of information technology and information security

• Familiarity with one or more of the following frameworks: FedRAMP, StateRAMP, CMMC, ISO 27001:2013, SOC2, NIST Cyber Security Framework (CSF)

• Experience writing audit findings, reports, policies, standards, procedures and guidelines

• Comfortable performing technical interviews with technical personnel and business process reviews with non-technical personnel

• Working knowledge of risk assessment methodologies, contingency planning approaches, data analysis techniques and improvement tools including root cause analysis, corrective action, preventative action, Plan-Do-Check-Act and the cost of quality

• Working knowledge of improvement programs such as Total Quality Management, ISO 9001, Six Sigma, Theory of Constraints or Lean

• Experience managing projects, implementing change and tracking their implementation progress

• Excellent knowledge of risk analysis methodologies and tools

• Strong analytical and problem-solving skills

• Proficiency in risk management software

• Excellent communication and presentation skills

• US Work Authorization Required

Company:

Tanium is an IT security firm that provides risk management, incident response, EDR, and patch management services. Founded in 2007, the company is headquartered in Kirkland, Washington, USA, with a team of 1001-5000 employees. The company is currently Late Stage.