The Security Governance Analyst will oversee compliance initiatives, act as a liaison between technical and non-technical teams, evaluate controls, and foster a security-focused culture.
Are you ready to move beyond "check-the-box" compliance?
We are looking for a Security Governance Analyst to help us bridge the gap between complex security requirements and real-world execution. Based in our Prague office, you will be a key player in our Trust, Risk, & Compliance (TRC) team, helping Rapid7 maintain its reputation for transparency and security across the EMEA and APAC regions.
This isn't a role for a spectator. We need a practitioner who is eager to dive into our technical stack, partner with engineering teams, and ensure that security is built into the way we work, not bolted on at the end.
About the Team
Rapid7's Trust & Governance team doesn't just write policies; we build trust. We operate at the intersection of technical excellence and business enablement. We partner deeply with InfoSec, Legal, and Engineering to ensure our security posture is resilient, compliant, and, most importantly, transparent to our customers. We're a team that values "Impact Together," meaning we win as a herd (or as we call ourselves, the Moose).
About the Role
As a Security Governance Analyst, you are the engine that keeps our compliance initiatives moving. You aren't just following a checklist; you are identifying gaps, flagging risks early, and helping us evolve. You will operate with a healthy mix of independence and collaboration, knowing exactly when to run with a project and when to pull in an expert.
In this role, you will:
- Drive Consistent Outcomes: Execute TRC deliverables within SLAs, ensuring our compliance programs run predictably and with high quality.
- Bridge the Technical Gap: Act as the "SME-in-the-middle," translating complex auditor requirements into actionable steps for our internal teams.
- Navigate the Gray Areas: Proactively spot delays or deviations in project scope. You don't just report problems; you help us pivot toward solutions.
- Support the Audit Lifecycle: Assist in evaluating the design and effectiveness of our controls, helping us find smarter, more efficient ways to stay secure.
- Influence the Culture: Help our peers understand the "why" behind security controls, fostering a culture where security is everyone's business.
The skills and qualities you will bring include:
We aren't looking for a perfect resume; we're looking for the right mindset. You should bring a mix of foundational GRC knowledge and the "Never Done" curiosity to keep learning.
- Experience: 2+ years in information security, IT audit, or a related compliance field. You've seen how audits work and you're ready to take the next step.
- Foundational Toolkit: Familiarity with frameworks like ISO 27001, SOC2, or NIST CSF. You understand how these requirements live and breathe in a cloud-first environment.
- Strategic Doing: You think big but act small, breaking down massive compliance goals into clear, time-bound milestones.
- Clear Communication: You can explain a technical risk to a non-technical stakeholder without losing the "why."
- Accountability: You own your outcomes. If a deadline is at risk, you're the first to flag it and suggest a path forward.
- Collaborative Mindset: You treat other teams as partners, not obstacles. You seek to understand their workflows before asking them to change.
- The "Fail Fast" Mentality: You're open to feedback and eager to learn from mistakes to accelerate your impact.
- AI-Driven Curiosity: You are naturally inquisitive and always looking for a smarter way to work. You have a genuine interest in exploring and leveraging AI tools to automate workflows, streamline compliance, and stay ahead of the curve.
- Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success.
Typical Minimum Requirements
- A Bachelor's degree and a minimum of 2 years of related experience.
- Fluency in English; strong written and verbal communication skills are essential for regional stakeholder management.
We know that the best ideas and solutions come from multi-dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today.
About Rapid7
At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome.
Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope just like we've been doing for the past 20 years. If you're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.
Top Skills
AI Tools
ISO 27001
NIST CSF
SOC2

