Security Governance Risk & Compliance (GRC) Analyst

About Virtru:

Virtru is a leading data protection provider backed by some of the foremost venture capital firms in Silicon Valley and the Mid-Atlantic region, including Iconiq Capital, Bessemer Venture Partners, Foundry Capital, and Tiger Global. Today, more than ever, data demands respect, and that’s why Virtru is committed to changing the rules for data privacy. At Virtru, we equip our customers to take granular control of their data—everywhere it’s shared—through end-to-end encryption for Google, Microsoft, and other data sharing platforms. Our market-leading portfolio of data encryption and privacy enhancing applications are remarkably easy to use, fast to implement, affordable for all, and built on the Trusted Data Format (TDF) open standard.

At Virtru, our motto is "Respect the people. Respect the data." Respecting data to us means keeping it secure and protected at all times across its entire lifecycle. We firmly believe that when you respect data, you’re demonstrating respect for the people who own that data.

Working at Virtru, you'll be inspired by colleagues who are passionate about the work they do. We are dedicated to creating an atmosphere that sparks creativity, connection, and professional growth while empowering each other to do our best work. We're building something special at Virtru. We hope you consider joining our team and helping us create a brighter future for data privacy.

Compensation: $130,000-$180,000/year 

Team & Position Details: 

Here at Virtru you’ll help build a cutting edge security compliance program aligned with FedRAMP, SOC 2, PCI, HIPAA, GDPR, and just about any other security/privacy framework you can think of, whilst getting your hands on some of today’s most important tools and tech like Kubernetes, GCP, AWS, Terraform. We put a high value on input from everyone on our team. Your voice will have a significant impact. With a constantly growing customer base, there is no shortage of challenging and exciting scaling/optimization work to ensure that we can provide the most secure and performant service.

As a GRC Analyst at Virtru, you will be the primary point of contact for compliance-related inquiries. You will lead and manage the organization's efforts to achieve and maintain CMMC compliance, by conducting gap analyses and developing a roadmap to address compliance requirements. You will also play a vital role in supporting our existing FedRAMP, SOC2, and PCI DSS compliance.

Get in touch if you are excited to help us grow into a world-class security compliance program.

As a Security Governance Risk & Compliance (GRC) Analyst, your responsibilities will include:

• Manage and implement complex controls frameworks for large systems, consisting of Cloud infrastructure and Software as a Service (SaaS) services (GCP, AWS, GitHub, Okta, etc).
• Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS services.
• Conduct risk assessments across business units and processes. Identify risk findings and recommend remediation and risk mitigation strategies.
• Assist or implement automated controls to support risk mitigation efforts across various business units with stakeholders.
• Incorporate CMMC certification into Virtru’s slate of compliance assessments and ongoing monitoring activities  (FedRAMP, SOC 2, PCI).
• Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners.
• Participate in incident response (IR) activities, providing risk analysis and remediation support as needed.
• Enhance the team with your individualism, spirit, and love of learning.

Skills that will help you thrive in this role: 

• Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC Analyst/Engineer experience
• Deep understanding of at least few of the following: CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy compliance frameworks
• Technical acumen. Strong understanding of modern cloud technologies (AWS, GCP, Azure, etc.) and familiarity with GRC tools (Hyperproof, Vanta, Drata, etc) and SIEM tools (Datadog, Splunk)
• You’re a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization
• Have experience training and coaching teams to become better security and privacy practitioners
• Like working on an autonomous agile team. At Virtru, you will have ownership of security, but you'll collaborate with everyone to make sure we produce and implement the right solutions
• Ability to resolve conflicts and drive issues to completion.
• Work independently with little or no supervision while maintaining a high level of efficiency.
• Hands on experience deploying and managing vulnerability scanning/cloud security posture management tools (Wiz, Prismacloud, etc.) to meet security compliance requirements
• Real-world IR experience participating on security On-Call teams
• Basic knowledge of scripting languages like Bash, Python, or Javascript to automate manual tasks
• Familiarity with GitOps and Infrastructure-as-Code concepts

Virtruvian qualities that will set you up for success:

• Thinking outside of the box to respectfully challenge your teammates and managers in the pursuit of excellence
• Strong sense of urgency with an action-oriented mindset
• Able to collaborate and adapt to shifting priorities as business needs evolve
• Comfortable with asynchronous communication including slack, email, zoom, etc.

Perks & Benefits:

At Virtru, we believe people do their best work when their wellbeing is put first. This is why we make your wellbeing our priority with a thoughtful and holistic program that encompasses Occupational, Mental, Social, Physical, and Environmental Wellness by offering benefits such as…

• A Flexible PTO policy — we strongly encourage you to take time off (in addition to 14 holidays) to ensure that you are getting the proper time needed to unplug and recharge. 
• A $1,500 annual Learning & Development Stipend focused on providing you the resources to continually learn and professionally grow.
• Frequent company-sponsored team celebrations that provide ample opportunities to connect with teammates and be social!
• Access to an Employee Assistance Program
• Access to Headspace, a mental health app tailored to your specific needs.
• A flat 3% contribution to your retirement account
• A high degree of flexibility — Have an appointment, errand, or family emergency to take care of? Hop to it! We give you the time and space to take care of you and your own first.

In addition to wellbeing, Virtru places a strong emphasis on diversity, equity, inclusion, and belonging. Our DE&I Council is dedicated to fostering an inclusive workplace and making the psychological safety of each and every one of our teammates a top priority. 

Additional perks include: 

• Competitive compensation
• Generous parental, medical, and bereavement policies
• 401K contribution and stock options
• Full medical, dental, and vision benefits
• New Hire Swag and IT Welcome boxes
• Structured semi-annual 360° performance reviews

Virtru is committed to building an inclusive environment for people of all backgrounds and everyone is encouraged to apply. Virtru is an Equal Opportunity Employer and does not discriminate on the basis of race, color, gender, sexual orientation, gender identity or expression, religion, disability, national origin, protected veteran status, age, or any other status protected by applicable national, federal, state, or local law.