Governance, Risk and Compliance (GRC) Analyst

Kandji

Kandji

IT, Legal
Miami, FL, USA
Posted on Aug 9, 2024
About Kandji
Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.
Some of the smartest money in tech has partnered with Kandji to realize our vision, including Tiger Global, Felicis, Greycroft, First Round Capital, and Okta Ventures. In July 2024, Kandji raised $100 million in capital from General Catalyst, bringing Kandji’s valuation to $850 Million.
Since Kandji’s Series C in 2021, the company has seen a 600%+ increase in annual recurring revenue, and its customer base has grown nearly 4X across 40+ industries. Notable customers include Allbirds, Canva, and Notion, and the company has partnerships with such industry giants as ServiceNow, AWS, and Okta.
Kandji was also named to Forbes’ Next Billion Dollar Startup List 2023 and recognized as a top venture-backed startup with the potential to reach unicorn status.
The Opportunity
Kandji is looking for a Governance Risk and Compliance (GRC) Analyst to add to our growing Security, IT and Trust teams. The GRC team is part of the Kandji Security and Trust organization and manages key pillars of Kandji’s Risk Management framework. The GRC team is responsible for Customer Assurance, Security Compliance, Policy Governance, Information Security Risk Assessment, Third Party Risk Management, Security Compliance training and awareness, and Privacy.
This opportunity provides the ability to work with various teams to evaluate controls, perform control testing to improve the design and operational effectiveness of the various GRC programs. This includes facilitating the development and maintenance of standards, processes, and tooling in order to promote scalability, repeatability and growth of the function. You will also facilitate risk assessments and control reviews to accommodate new business areas as well as changes in processes. This includes management of information security risk assessment process, defining and creating risk methodology, developing new or expanding product risk analysis. The GRC Analyst will report to the Team Lead, GRC and work collaboratively with other departments across Kandji.

How you'll make a difference day to day

  • In support of multiple frameworks (e.g. ISO 27XXX, SOC2) plan, design and execute controls testing, controls assessment and risk management practices.
  • Perform gap assessments on framework scope expansion exercises.
  • Collaborate with cross-functional teams to develop and implement information security/privacy policies, procedures, and controls to mitigate information security and data privacy risks.
  • Perform information security risk assessments on 3rd Party vendors.
  • Collaborate with the go-to-market team on customer security due diligence, including security questionnaires and working on to ensure Kandji’s trust center is up to date.
  • Conduct and initiate user access reviews over critical applications for all employees and contractors.
  • Conduct impact assessments (PIAs, BIAs, AIIAs) and assist in developing strategies to address identified risks.
  • Conduct data classification assessments to identify and categorize sensitive information based on its level of confidentiality, criticality, and regulatory implications.
  • Assist with planning and execution of internal and external audits.
  • Assist with the preparation of reports and presentations for management and regulatory agencies.
  • Support in the development and implementation of compliance training and awareness programs.
  • Participate or lead special ad-hoc projects or initiatives as assigned.

We’d love to hear from you if you have

  • 3-5 years of relevant experience in Information Security Governance, Risk and Compliance (GRC) or relevant security compliance roles in the tech industry. Big 4 consulting experience is a plus.
  • Two (2) years of experience in leading SOC2, ISO 27001 audits.
  • Experience in performing risk-based testing for control compliance, including the identification, assessment, and mitigation of compliance issues: understanding how to balance the company's risk appetite to compliance needs/requirements.
  • Detailed knowledge and experience with technology controls across a variety of industry frameworks and how to assess controls supporting compliance for SOC2, CMMC, ISO 27001, ISO 27701, ISO 42001, CSA Star and global privacy regulations.
  • Experience in information security compliance in a role that required cross-departmental collaboration including leading day to day activities, improving processes and owning outcomes.
  • Detailed knowledge of information security, technology compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO-27001/2.
  • Experience developing dynamic approaches to the implementation of a technology compliance program utilizing a variety of testing methods, both manual and automated, to provide qualitative and quantitative results where applicable.
  • Strong analytical and problem-solving skills.
  • Excellent project management, written and verbal communication skills.
  • Ability to manage multiple priorities and deadlines.
  • Proven track record as a strong cross-teams collaborator and team player, dealing with complex programs and influencing cross-functional audiences.
  • Required to work on-site 5 days a week.

Nice to haves

  • Experience and familiarity with cloud data security and working with public cloud solutions (AWS)
  • Experience working with a GRC tools such as Drata, Safebase, Knowbe4, Atlassian- Jira
  • Previous work as an information security consultant or Big 4 consulting.
  • Certifications such as CISA, CIPT, CRISC, CISSP, CCSP

Competencies

  • Values Differences
  • Communicates Effectively
  • Instills Trust
  • Action Oriented
  • Always Learning
  • Execution
  • Planning & Time Management
Benefits & Perks
• Competitive salary
• 100% individual and dependent medical + dental + vision coverage
• 401(k) with a 4% company match
• 20 days PTO
• Health and wellness days
• Kandji Wellness Week the first week in July
• Equity for full-time employees
• Up to 16 weeks of paid leave for new parents
• Paid Family and Medical Leave
• Modern Health - Mental Health Benefits - Individual and Dependents
• Fertility Benefits
• Working Advantage Employee Discounts
• Free onsite fitness center
• Free parking
• Lunch 5 days/week
• Exciting opportunities for career growth
• An outstanding, inclusive culture
We are excited to be serving a significant need for a fast-growing market, and are proud of the high-performing team we have brought together so far. If you’re someone who wants to engage in new, exciting projects that will challenge your skills in the best way possible, we would love to connect with you.
At Kandji we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams, and welcome those from all backgrounds and varying experiences.
Kandji is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status or any other status protected by applicable law.