Virtru
Security Governance Risk & Compliance (GRC) Analyst
Virtru, Washington, District of Columbia, US, 20022
Overview
Security Governance Risk & Compliance (GRC) Analyst – Washington, DC - Remote

About Virtru: Virtru is a leading data protection provider backed by venture capital firms in Silicon Valley and the Mid-Atlantic. Virtru enables granular data control across platforms with end-to-end encryption for Google, Microsoft, and other data sharing platforms, built on the Trusted Data Format (TDF) standard. Our motto is "Respect the people. Respect the data." We strive to create an atmosphere that sparks creativity, connection, and professional growth while empowering each other to do our best work.

Compensation: $130,000-$180,000/year

At Virtru you’ll contribute to building a cutting-edge security compliance program aligned with FedRAMP, SOC 2, PCI, HIPAA, GDPR, and other frameworks, while working with tools like Kubernetes, GCP, AWS, and Terraform. We value input from everyone on our team and offer challenging scaling/optimization work to ensure secure and performant services.

As a GRC Analyst, you will be the primary point of contact for compliance inquiries and lead efforts to achieve and maintain CMMC compliance, conducting gap analyses and roadmap development, while supporting existing FedRAMP, SOC 2, and PCI DSS programs. Get in touch if you are excited to grow Virtru’s security compliance program.

Responsibilities
Manage and implement complex controls frameworks for large systems (Cloud infrastructure and SaaS services like GCP, AWS, GitHub, Okta, etc.).
Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS.
Conduct risk assessments across business units and processes; identify findings and recommend remediation and mitigation strategies.
Assist or implement automated controls to support risk mitigation across business units with stakeholders.
Incorporate CMMC certification into Virtru’s compliance assessments and monitoring (FedRAMP, SOC 2, PCI).
Facilitate third-party vendor onboarding and annual reviews by evaluating current and prospective partners’ security.
Participate in incident response activities, providing risk analysis and remediation support as needed.
Enhance the team with individual initiative and a love of learning.

Skills that will help you thrive
Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC experience.
Deep understanding of CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy frameworks.
Technical acumen with cloud technologies (AWS, GCP, Azure) and familiarity with GRC tools (Hyperproof, Vanta, Drata) and SIEM tools (Datadog, Splunk).
Ability to translate risk across business and technical audiences; strong relationship-building.
Experience training and coaching teams in security and privacy practices.
Autonomous, agile mindset with ownership of security and collaboration across teams.
Ability to resolve conflicts and drive issues to completion.
Independent work style with high efficiency; experience with vulnerability scanning and cloud security posture tools (Wiz, Prisma Cloud) for compliance.
Real-world incident response experience on on-call teams.
Familiarity with GitOps and Infrastructure-as-Code concepts.

Virtruvian qualities for success
Think creatively and respectfully challenge teammates in pursuit of excellence.
Strong sense of urgency with an action-oriented mindset.
Collaborate and adapt to shifting priorities as business needs evolve.
Comfortable with asynchronous communication (Slack, email, Zoom).

Benefits & Wellbeing
Flexible PTO with 14 holidays to recharge.
$1,500 annual Learning & Development stipend.
Frequent company-sponsored team celebrations.
Employee Assistance Program and Headspace access.
3% retirement contribution; stock options.
Flexible time for personal matters and emergencies.

Diversity, Equity, Inclusion and Belonging
Virtru places a strong emphasis on DE&I and maintains a Council to foster inclusion and psychological safety.

Equal Opportunity and Compliance
Virtru is an Equal Opportunity Employer and does not discriminate on protected characteristics. We welcome applicants from diverse backgrounds.
Voluntary Self-Identification: Completion of this form is voluntary and confidential. This data is used for government reporting purposes and does not affect hiring decisions.