Mattermost is seeking a results-driven and analytical Governance, Risk & Compliance (“GRC”) Analyst to help ensure the security and compliance of the company. As the first member of our compliance team, you will work closely with a globally distributed team to support compliance and risk management initiatives throughout the company, support and monitor established processes and policies, and help to further grow the GRC function at Mattermost.
Responsibilities:
- Support and grow the Governance, Risk, and Compliance function at Mattermost.
- Maintain and monitor security and privacy policies and training programs in partnership with other stakeholders.
- Support and strengthen privacy and security risk management programs within the organization.
- Collaborate with internal and external resources in conducting compliance audits.
- Provide reporting on key performance indicators (KPIs) for compliance programs and security risks.
- Manage the third-party risk management process for external vendors.
- Manage and respond to customer and prospect security questionnaires and requests.
- Manage and respond to requests under GDPR/CCPA and other applicable privacy laws.
Requirements:
- 2 or more years of experience in security risk management, information security, or other GRC areas.
- Practical experience with one or more security or risk management standards (e.g. SOC2, ISO27001, FedRAMP, CMMC, NIST CSF, NIST 800-53).
- Excellent analytical skills and ability to analyze security requirements and relate them to appropriate security controls.
- Experience managing simultaneous projects across multiple teams.
- Strong verbal and written communication skills with the ability to tailor communication to the other party.
Preferred Background/Skill:
- Experience in supporting compliance with applicable privacy laws.
- Experience in maintaining and implementing public sector compliance requirements.