Security Analyst (GRC Specialist)

Job Type: Full Time
Job Location: United States
Company Name: Pigment

About the job

Our Story So Far

Since our founding in 2019, Pigment has become one of the fastest-growing SaaS companies in the world today. Our product, a highly efficient Enterprise Performance Management (EPM) platform, is helping companies achieve their financial goals by quickly responding to dynamic factors in their respective markets including Tech, Retail, CPG & Financial Services.

In less than 5 years, Pigment has grown to over 450 employees across offices in New York, Toronto, London & Paris and attracted a total of $393M in investment from some of the top Venture Capital firms globally.

We serve companies including Unilever, Deliveroo, Gong and Brex to name a few!

We are looking for a Governance, Risk and Compliance specialist, whose core focus will be to protect our customers’ and compliance data.

Key Responsibilities

Strategic Leadership

  • Under the coordination of the CISO, participate in the definition of a multi-year, risk-driven security roadmap; design policies, processes and guidance documents driving its implementation
  • Implement the security roadmap, either autonomously or with support from other engineering teams, in either a delivery or a project management capacity, depending on the project’s technical requirements
  • Establish and implement company-wide security policies and procedures covering internal IT, production platforms, facilities, and more
  • Improve and maintain the risk analysis and its mitigation plan
  • Design and implement a comprehensive reporting framework of security indicators

Operational Excellence

  • Drive implementation of the security roadmap, leading initiatives and coordinating with engineering teams or other relevant stakeholders (legal, HR, support, customer experience)
  • Oversee vulnerability remediation, including triage, prioritization, and mitigation follow-up
  • Oversee vendor security assessments and ensure alignment with compliance requirements; deliver security approvals in the procurement process
  • Participate in the asset management program (contractors, accounts, datasets, etc.)

Compliance Management

  • Lead certification renewals for SOC 1 and SOC 2, and contribute to the acquisition of new certifications (e.g., ISO 27001, ISO 27701)
  • Lead planning and execution of compliance audit programs conducted both internally and externally
  • Maintain and enhance compliance programs, collaborating cross-functionally to ensure adherence
  • Coordinate with the Sales and Legal teams to understand the legislative landscape and market requirements in terms of compliance

Advocacy and Training

  • Design and implement security awareness training programs and champion best practices across teams (onboarding training, awareness training, phishing simulations, developer trainings)

Experience & Expertise

  • At least 5 years of experience on governance and compliance topics, either as a Security Engineer, Security Project Manager, or compliance officer (of course, you can be way more experienced!)
  • Extensive knowledge of and experience with the ISO 27000 series of standards; implementation experience in obtaining and maintaining certification is a plus
  • Solid technical background in security engineering
  • Great team spirit with a problem-solving, can-do attitude
  • Good dose of humility and the willingness to grow (no matter your seniority!)
  • Fluent in English (French is not mandatory!)
