Red Canary Logo

Red Canary

Principal Governance Risk & Compliance Analyst

Posted 7 Days Ago
Easy Apply
Remote
Senior level
Easy Apply
Remote
Senior level
As a Principal Governance Risk & Compliance Analyst, you will lead initiatives to ensure robust policies and controls within Red Canary's GRC programs. Your role includes conducting audits, managing compliance certifications, and improving vendor assessments while maintaining alignment with security standards.
The summary above was generated by AI

Who We Are

Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber threats. We’re a cyber security company who protects, supports and empowers organizations to make better security decisions so they can focus on their mission without fear of cyber threats.


The combination of our market-defining technology and expertise prevents breaches every day and sets a new standard for partnership in the industry. We’re united in our commitment to customers and grounded in our values, which earned us a place on the Forbes Best Start-up Employers 2022 list. If our mission resonates with you, let’s talk.


What We Believe In

- Do what’s right for the customer

- Be kind and authentic

- Deliver great quality

- Be relentless


Challenges You Will Solve

At Red Canary, the protection of our customers and employees is of the utmost importance. Red Canary’s Governance, Risk & Compliance (GRC) team provides oversight to ensure that our people, platforms, and data remain secure in compliance with our policies and applicable laws. 


As a Principal GRC Analyst, you will help ensure that our controls, policies, and procedures are designed, implemented, and tested to deliver the best possible outcomes for Red Canary and our customers. Reporting to the General Counsel, the Principal GRC Analyst is responsible for activities and improvements across the entire scope of Red Canary’s GRC programs.

What You'll Do

  • Lead governance, risk, and compliance initiatives.
  • Lead regular reviews to ensure that policies and controls are effective, while aligning them to company values and all applicable compliance requirements; identify potential improvements and manage their implementation.
  • Identify, design, and lead projects to automate the collection and presentation of auditing data for internal and external consumption.
  • Lead internal audits and risk assessments of the Red Canary environment; identify potential improvements and manage their implementation.
  • Schedule, prepare for, and lead annual external audits against SOC 2 Type II, ISO 27001, ISO 27701, and other standards.
  • Maintain security and compliance certifications; identify and manage new certification initiatives.
  • Lead the vendor risk management function for evaluating Red Canary’s vendors and partners to identify potential risks; identify potential improvements and manage their implementation.
  • Lead the response to questions and questionnaires from customers, potential customers, and partners regarding security and compliance; identify potential improvements and manage their implementation.
  • Support the sales team in vetting security and compliance terms in customer contracts.
  • Help oversee security awareness training that is both relevant and instructive.
  • Lead relevant and engaging business continuity and incident response exercises. 

What You'll Bring

  • 5+ years of experience with SOC 2 Type II and ISO 27001 audits. Experience with audits under ISO 27701, FedRAMP, and CMMC experience is a plus.
  • 5+ years of managing or performing security questionnaires and vendor assessments.
  • Experience addressing security and compliance terms in commercial contracts.
  • The ability to articulate and shift between various compliance and regulatory frameworks.
  • An understanding of the unique risks presented by cloud-native architecture and compliance and audit strategies for environments heavily reliant on SaaS.
  • Strong experience interacting with auditors and gaining their confidence as a source of truth.
  • Expertise in designing and managing strategies to identify, articulate, and mitigate risks.
  • Experience in designing and implementing automation to the collection and presentation of audit data.
  • Outstanding written and verbal communication skills.
  • A practical mindset that can balance compliance and business needs.
  • The ability to lead multiple projects simultaneously.
  • A patient and positive attitude.

Targeted base salary range: $130,000 - $150,000


This role is eligible for a grant of stock options, subject to the approval of the company's board of directors. This role is also eligible for participation in the company's bonus program.


The application deadline is February 3, 2025



Why Red Canary?

Red Canary is where people embody our mission to improve security outcomes for all. People work hard to maintain a culture that encourages authenticity in order to do your best work. Our people are driven and committed to finding the best security outcomes, delivering real and actionable answers, and being transparent along the way. 


At Red Canary, we offer a very rich benefits program to our full-time team members so they can focus on their families and improving our customers’ security. For a full list of benefits, please review our Benefits Summary:

https://resource.redcanary.com/rs/003-YRU-314/images/RedCanary_2025BenefitsSummary.pdf?version=0


Individuals seeking employment at Red Canary are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.

Top Skills

Cmmc
Fedramp
Iso 27001
Iso 27701
Soc 2 Type Ii

Similar Jobs at Red Canary

Red Canary Logo
Red Canary

Senior AI Engineer

6 Hours Ago
Easy Apply
Remote
USA
Easy Apply
Senior level
Senior level
Cloud • Security • Software • Cybersecurity
As a Senior Data Engineer at Red Canary, you will develop and optimize AI/ML models to detect cybersecurity threats using large datasets. You'll collaborate with various teams to integrate AI-driven insights and refine data processing pipelines, while fostering a culture of innovation and mentoring peers.
Top Skills: Python
Red Canary Logo
Red Canary

Data Engineer

4 Days Ago
Easy Apply
Remote
USA
Easy Apply
Mid level
Mid level
Cloud • Security • Software • Cybersecurity
The Data Engineer at Red Canary will design, build, and maintain data infrastructure, ensuring data quality and governance while empowering cross-functional teams with reliable datasets. Responsibilities include optimizing data pipelines, collaborating with analysts and business stakeholders, and continuously enhancing the infrastructure for scalability and efficiency.
Top Skills: AirflowAWSAzureDataGCPGluePrefectPysparkSagemaker

What you need to know about the London Tech Scene

London isn't just a hub for established businesses; it's also a nursery for innovation. Boasting one of the most recognized fintech ecosystems in Europe, attracting billions in investments each year, London's success has made it a go-to destination for startups looking to make their mark. Top U.K. companies like Hoptin, Moneybox and Marshmallow have already made the city their base — yet fintech is just the beginning. From healthtech to renewable energy to cybersecurity and beyond, the city's startups are breaking new ground across a range of industries.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account