Bitsight Technologies

Senior GRC Analyst

Posted 3 Hours Ago
Remote
Hiring Remotely in USA
90K-110K Annually
Senior level
Lead the development of a scalable compliance program, perform vendor risk assessments, manage audits, and mentor GRC analysts.
The summary above was generated by AI

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss.
Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

  • We invented the cyber ratings industry in 2011
  • Over 3000 customers trust Bitsight
  • Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, and remote

Key Responsibilities:

  • Lead the Development of a Scalable Compliance Program:
    Manage and enhance a comprehensive compliance strategy to meet evolving regulatory requirements and industry standards.

  • Perform Vendor Risk Assessments:
    Serve as an escalation point and perform third-party risk assessments on current and potential vendors.

  • Serve as a Compliance Subject Matter Expert:
    Act as the primary contact for internal stakeholders on IT compliance-related questions, providing guidance on technical issues, responding to escalations, and supporting sales and customer inquiries.

  • Document and Maintain GRC Frameworks:
    Lead efforts in documenting and improving governance, risk, and compliance processes, ensuring alignment with industry best practices. Understand technical controls related to endpoints, cloud infrastructure, and networks.

  • Manage External Audits and Regulatory Inquiries:
    Oversee and coordinate responses to regulatory reviews, external audits, and due diligence requests, including those related to SOC 2, ISO 27001, NIST, and partner due diligence.

  • Implement and Oversee Continuous Monitoring Programs:
    Develop and manage continuous monitoring strategies for IT compliance and automate manual processes to enhance efficiency and reduce risk exposure.

  • Monitor Emerging Regulatory Trends:
    Stay informed about industry regulations and compliance trends to ensure timely integration and updates to Bitsight’s security policies and processes.

  • Administer Cloud-Based GRC Tools:
    Lead the configuration, implementation, and optimization of cloud-based GRC tools, ensuring alignment with business objectives.

  • Process Improvements:
    Explore the use of AI and automation to streamline and scale workflows.

  • Mentor and Guide Teammates:
    Provide leadership, mentorship, and training to GRC Analysts and Associate Analysts, fostering an environment of continuous learning and development.

Qualifications and Skills:

  • Education:
    Bachelor’s degree in Information Technology, Cybersecurity, or a related field. Advanced degrees or certifications (e.g., CISSP, CISA, CRISC, CISM) are preferred.

  • Experience:
    Minimum of 5–7 years of experience in information security, risk management, or IT compliance, with proven experience leading compliance initiatives and security audits.

  • Expert Knowledge of Security Standards:
    In-depth knowledge of security frameworks and regulations such as SOC 2, ISO 27001, GDPR, CCPA, and SOX.

  • Proven Ability to Lead and Influence:
    Strong leadership skills with the ability to drive complex projects, manage multiple high-priority tasks, and collaborate with diverse teams.

  • Excellent Communication Skills:
    Advanced proficiency in formal report writing and presentations, with the ability to convey security awareness, cyber risk, and fraud risk to technical and non-technical audiences.

  • Innovative Problem-Solver:
    Ability to develop creative solutions to complex security and compliance challenges, balancing business needs with risk mitigation.

  • Adaptability in a Fast-Paced Environment:
    Thrive in a dynamic, rapidly evolving workplace while consistently meeting deadlines and organizational goals.

Work Environment:

  • Collaborative and Inclusive:
    Work closely with cross-functional teams in a collaborative and inclusive environment, ensuring the successful implementation of security and compliance initiatives.

  • Continuous Learning and Growth Opportunities:
    Access to professional development opportunities, including industry certifications, training, and relevant conferences.

Additional Qualifications:

  • Technical Skills:
    Experience with GRC tools and technologies, and familiarity with cloud security best practices and risk management.

  • Attention to Detail:
    Strong focus on accuracy and detail in documentation, audits, and reporting.

Diversity. Bitsight is proud to be an equal opportunity employer. This means we do not tolerate discrimination of any kind and are committed to providing equal employment opportunities regardless of your gender identity, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability.

Culture. We put our people first. Bitsight offers best in class benefits. We devote the same energy to nurturing our company's inclusive culture as we apply to serving our customers' needs. Working at Bitsight will give you the opportunity to fulfill your professional goals and expand your skills.

Open-minded. If you got to this point, we hope you’re feeling excited about the job description you just read.  Even if you don’t feel that you meet every single requirement, we still encourage you to apply.  We’re eager to meet people that believe in Bitsight’s mission and can contribute to our team in a variety of ways.

Additional Information for United States of America Applicants:

Bitsight also provides reasonable accommodations to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email recruiting@bitsight.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

Qualified applicants with criminal histories will be considered for employment consistent with applicable law.

This position may be considered a promotional opportunity pursuant to the Colorado Equal Pay for Equal Work Act.

The anticipated hiring base salary range for this position is US $90,000 to $110,000 annually for US-based employees. This range reflects the minimum and maximum target for new hire salaries for the position across all US locations, is based on a full-time work schedule, and is Bitsight’s good faith estimate as of the date of this posting. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. In addition to base salary, this role is eligible for participation in a bonus or commission plan and an equity grant. Bitsight also offers a competitive benefits package, including but not limited to medical, dental, and vision insurance; paid parental leave; flexible time off; a 401(k) plan with employee and company contribution opportunities; life and disability insurance; and tuition reimbursement.

Top Skills

Cloud Security
GRC Tools
