Virtru

Security Governance Risk & Compliance (GRC) Analyst

Virtru, Washington, District of Columbia, US, 20022

Overview

Virtru is a leading data protection provider backed by venture capital firms in Silicon Valley and the Mid-Atlantic region. We enable customers to take granular control of their data through end-to-end encryption for Google, Microsoft, and other data sharing platforms. Our portfolio is built on the Trusted Data Format (TDF) open standard. At Virtru, we are committed to changing the rules for data privacy and supporting our customers with a secure, scalable compliance program. We value input from every team member and offer opportunities for professional growth within a collaborative environment.

Compensation: $130,000-$180,000/year

Responsibilities

Manage and implement complex controls frameworks for large systems, including Cloud infrastructure and SaaS services (GCP, AWS, GitHub, Okta, etc.).

Design and develop automation solutions for evidence collection across cloud infrastructure, endpoints, and SaaS services.

Conduct risk assessments across business units and processes, identify risk findings, and recommend remediation and risk mitigation strategies.

Assist with or implement automated controls, working with stakeholders, to support risk mitigation efforts across various business units.

Incorporate CMMC certification into Virtru's compliance assessments and ongoing monitoring (FedRAMP, SOC 2, PCI).

Facilitate third-party vendor onboarding and annual reviews by evaluating the security of current and prospective partners.

Participate in incident response activities, providing risk analysis and remediation support as needed.

Enhance the team with proactive collaboration and a commitment to learning.

Skills & Qualifications

5+ years of experience in information security, IT audit and/or IT risk management, or as a GRC analyst/engineer.

Deep understanding of frameworks such as CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and other global privacy compliance frameworks.

Technical acumen with modern cloud technologies (AWS, GCP, Azure) and familiarity with GRC tools (Hyperproof, Vanta, Drata) and SIEM tools (Datadog, Splunk).

Strong ability to translate risk to both business and technical stakeholders.

Experience training and coaching teams to improve security and privacy practices.

Autonomous, agile mindset with ownership of security while collaborating effectively with others.

Ability to resolve conflicts and drive issues to completion; work independently with high efficiency.

Hands-on experience deploying and managing vulnerability scanning and cloud security posture management tools (e.g., Wiz, Prisma Cloud).

Real-world incident response experience and on-call participation.

Basic scripting knowledge (Bash, Python, or JavaScript) to automate tasks.

Familiarity with GitOps and Infrastructure-as-Code concepts.

Perks & Benefits

A flexible PTO policy plus 14 holidays.

A $1,500 annual Learning & Development stipend.

Regular company-sponsored team celebrations.

Employee Assistance Program and access to Headspace for mental wellbeing.

3% retirement contribution and stock options.

Flexible policies to accommodate appointments, errands, or family needs.

Virtru is committed to building an inclusive environment for people of all backgrounds. We are an Equal Opportunity Employer and do not discriminate on the basis of race, color, gender, sexual orientation, gender identity or expression, religion, disability, national origin, protected veteran status, age, or any other status protected by applicable law.
