Governance, Risk Management and Compliance (GRC) Specialist
Sunnyvale
JFrog
The JFrog Platform gives you an end-to-end pipeline to control the flow of your binaries from build to production. Power your software updates to the edgeAt JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?
We are looking for a passionate, business-savvy, and talented Governance, Risk Management and Compliance (GRC) Specialist to join our GRC Team in Sunnyvale, California.
In this role, you will work across the organization to support and mature our customer security questionnaires and security audits. You will also support our sales, legal, and business colleagues through various information security projects and initiatives and provide assurance to our customers while also enhancing the overall GRC programs. This is a great opportunity to work closely with technical stakeholders to further build and scale our global Information Security and GRC programs. We are looking for a team player who brings a thoughtful, pragmatic mindset to overcoming challenges.
As a Governance, Risk Management and Compliance (GRC) Specialist in JFrog you will...
- Support the sales process by responding to customer inquiries related to information security
- Collaborate with cross-company teams such as sales,legal & privacy, product engineering, security, sales-ops, and solutions engineering to build on robust and comprehensive compliance processes
- Automate and streamline our Trust & Compliance workflows, including customer facing content, evidence collection, and security Q&As for employees and customers, with a penchant for creating excellent self-service experiences
- Respond to and complete customer risk assessments
- Coordinate and carry out strategic customer audits
- Review and negotiate customer information security addendums
- Define and execute team KPIs and Metrics
- Implement improvements and updates to our security program based on regulatory changes and customer requirements
- Mentor and train other junior members of the team
To be a Governance, Risk Management and Compliance (GRC) Specialist in JFrog you need...
- 6+ years of work experience focused on issues related to Information security and GRC
- Experience contributing to implementing security and compliance programs such as SOC 2, ISO 27001, ISO 27017, ISO 27018, CSA STAR, etc.Experience reviewing and redlining information security addendums.
- General knowledge of global privacy laws and regulations such as GDPR, CCPA etc
- Familiarity with various enterprise SaaS applications, cloud infrastructure such as AWS, and the concepts of modern software engineering practices/tools, databases, operating systems, secure network design, and other technology relevant to cybersecurity
- Ability to multitask effectively, complete projects and perform daily tasks with minimal supervision and ability to set and meet deadlines
- Experience working with Salesforce, Jira, and GRC platforms
- Ability to understand and translate security concepts, controls, and risk scenarios to identify their impact on technology, business, and customers
- Ability to effectively prioritize and execute tasks in a high-pressure environment
- Excellent verbal and written communication
- Ability to work well under pressure: responsiveness, accuracy, and sense of urgency are essential to this role
- Willingness to work a flexible schedule based on department and company needs
- Strong collaboration skills with an ability to build relationships with internal resources
Even if you don’t meet all the requirements listed here, we still encourage you to apply. Skills can be used in many different ways, and your life and professional experience may be relevant beyond what this list of requirements will capture.
WHAT JFROG CAN OFFER…
- At JFrog, base salary is only one component of our compensation package.
- This position has a base salary range between $150,000-$170,000. Base salary will be based on your skills, qualifications, experience and location.
- This position also includes an equity package of restricted stock units (RSU). In addition, JFrog employees are eligible to participate in our Employee Stock Purchase Plan.
- JFrog provides employees comprehensive benefits including medical, dental, vision, retirement, wellness and much more!
- JFrog embraces hybrid work: 3 days in office / 2 days remote.
- Additionally, this role may be eligible for discretionary bonuses or commission payments.
JFrog is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status or any other category protected by law.
Tags: Audits AWS CCPA Cloud Compliance DevOps GDPR Governance ISO 27001 Jira KPIs Privacy Risk assessment Risk management SaaS SOC SOC 2
Perks/benefits: Equity Flex hours Health care Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs