Founded by thought leaders of Cisco’s IronPort solutions, we’re on a mission to protect digital communications so humanity prevails over evil.
Agari is trusted by leading Fortune 1000 companies, including 6 of the top 10 banks and 5 of the world’s leading social media networks, as well as Government Agencies, to protect their organizations, partners, customers and citizens from advanced email phishing attacks.
Headquartered in Silicon Valley, Agari is backed by Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners, Norwest Venture Partners, ScaleVP, and now Goldman Sachs.
Your Future Role
The Security Governance Risk and Compliance (GRC) Senior Analyst will be responsible for running the Agari Security GRC program. Reporting to the Senior Director of Legal, Security and Compliance, this is a hands-on role with significant leadership potential to own Agari’s expanding Security GRC program, as well as the opportunity to drive security compliance certifications from start to finish.
As a security company, Agari’s customers expect its Security GRC program to be world class. You will be at the forefront of running the day to day operations and expanding the GRC program by providing leadership, oversight and coordination of Agari’s security compliance objectives.
- Governance Management: Security governance management, strategy, planning and execution of internal governance controls and related processes in alignment with global regulations and company policies.
- GRC Controls Monitoring: Maintain Security Controls Monitoring standards and standard operating procedures by working with control owners throughout the company to evaluate and develop control design and standards. When feasible, work with control owners to evaluate and implement automation for control management.
- Compliance Audit Management: Manage external security compliance audit process working with control owners and consultants to prepare and present GRC program and evidence to external auditors for successful certification.
- Security and Privacy Program Development: Support the maturation of the internal security and data privacy program through the development of policies and programs.
- Risk Management: Help mature internal risk assessment process by evaluating risk assessment & compliance framework (Rate/scoring), maturity model, qualitative & quantitative risk modeling and drive risk assessment activities.
- Customer Security Assessments: Coordinate with security engineering, sales engineers and other stakeholders to support customer security assessments.
Your Keys to Success
- Significant experience in control management and external audits for at least one of the following security risk management frameworks: SOC-2, FedRamp, ISO 27001, NIST CSF & 800-53, HiTrust, HIPAA, GDPR)
- 3-5 years experience building productive compliance relationships with internal stakeholders such as Engineering, HR, Security, Technical Operations, Site Reliability Teams, and others.
- Broad spectrum knowledge of Security Engineering, Security Operations, Product Security, Incident Response, Change Management, Identity and Access Management, and vendor Security Risk Management.
- Strong leadership skills
- Self-starter with strong interpersonal and communications skills
- Deliver clear and effective documentation to support compliance controls and audits
- Knowledge of or experience with SaaS cloud environments preferred
- Familiarity using GRC tools, technology and implementation
- Desire to contribute skills to mature security and privacy programs
- Strong project management skills
- Experience in management reporting and presentations
- Relevant BA/BS degree and/or certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK)
Why we're a great place to work
- Won Best Places to Work 2018
- Fast-growing cyber security start-up –Won the best Email Security Solution 2018
- Competitive benefits package -equity included!
- Hard working people with a lively office environment
- Weekly company events – lunches, social happenings, etc (We like to have fun too!)