Job details

Security Analyst (GRC Specialist)

Our Story So Far

Since our founding in 2019, Pigment has become one of the fastest-growing SaaS companies in the world today. Our product, a highly efficient Enterprise Performance Management (EPM) platform, is helping companies achieve their financial goals by quickly responding to dynamic factors in their respective markets including Tech, Retail, CPG & Financial Services.

In less than 5 years, Pigment has grown to over 450 employees across offices in New York, Toronto, London & Paris and attracted a total of $393M in investment from some of the top Venture Capital firms globally.

We serve companies including Unilever, Deliveroo, Gong and Brex to name a few!

We are looking for a Governance, Risk and Compliance specialist, whose core focus will be to protect our customers' and compliance data.

Key Responsibilities

Strategic Leadership

Under the coordination of the CISO, participate in the definition of a multi-year, risk-driven security roadmap, design policies, processes and guidance documents driving its implementation

Implementing the security roadmap, either autonomously or with support from other engineering teams, either in a delivery or project management capacity, depending on the project’s technical requirements.

Establish and implement company-wide security policies and procedures covering internal IT, production platforms, facilities, and more.

Improve and maintain the risk analysis and its mitigation planDesign and implement a comprehensive reporting framework of security indicators

Operational Excellence

Drive implementation of the security roadmap, leading initiatives and coordinating with engineering teams or other relevant stakeholders (legal, HR, support, customer experience

Oversee vulnerability remediation, including triage, prioritization, and mitigation follow up.

Oversee vendor security assessments and ensure alignment with compliance requirements, deliver security approvals in the procurement process

Participate in the asset management program (contractors, accounts, datasets, etc.)

Compliance Management

Lead certifications renewals for SOC 1, SOC 2, and contribute to acquisition of new certification (e.g., ISO 27001, ISO 27701)

Lead planning and execution of compliance audit programs conducted both internally and externally.

Maintain and enhance compliance programs, collaborating cross-functionally to ensure adherence.

Coordinate with the Sales and Legal teams to understand the legislative landscape and market requirements in terms of compliance.

Advocacy and Training

Design and implement security awareness training programs and champion best practices across teams (onboarding training, awareness training, phishing simulations, developer trainings)

Experience & Expertise

At least 5 years of experience on governance and compliance topics, either as Security Engineer, Security Project Manager, or compliance officer (of course, you can be way more experienced!)

Extensive knowledge and experience with the ISO27000 series standard: implementation experience in obtaining and maintaining is a plusSolid technical background in security engineering

Great team spirit with a problem-solving, can-do attitude.

Good dose of humility and the willingness to grow (no matter your seniority!).

Fluent in English (French is not mandatory!).

Environment

The scope of this role includes both the production environment and internal IT
Sites in Paris, London, Toronto and NYC
MacOS, Windows, Linux
GCP, Kubernetes, Terraform, Postgres, SingleStore, Vault
Okta, Oauth, JWT, C#, .NET Core, TypeScript, React
Vanta (GRC), Riot (awareness), Google Workspace (office), Jumpcloud (MDM and SSO), Hibob (HRIS), Slack (IM), GitHub (VCS), CircleCI / ArgoCD (CI/CD) HackerOne (Bug Bounty program), Datadog (SIEM), 1Password (password manager)

€60,000 - €80,000 a year

- Competitive salary

- Equity

- The best health insurance with Alan Blue entirely free for you and your family 💙

- Trust and flexible working hours

- Brand new offices in the heart of Paris, London, New York and, Toronto

- Remote-friendly environment

Pigment is an equal opportunity employer. We believe diversity is a strength and fosters innovation. We are committed to enabling everyone to feel included and valued at the workplace. All qualified applicants will receive consideration for employment without regard to age, color, family, gender identity, marital status, national origin, physical or mental disability, sex (including pregnancy), sexual orientation, social origin, or any other characteristic protected by applicable laws. We may process your personal data in accordance with our HR Data Protection Notice.

Pigment Glassdoor Company Review

4.6

Pigment DE&I Review

No rating

CEO of Pigment

Romain Niccoli, Eléonore Crespo

Approve of CEO

Average salary estimate

$70000 / YEARLY (est.)

min

max

$60000K

$80000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Security Analyst (GRC Specialist), Pigment

Are you ready to elevate your career as a Security Analyst (GRC Specialist) at Pigment? Based in the vibrant cities of London or Paris, you'll join one of the fastest-growing SaaS companies in the world, with a mission to help organizations reach our financial goals through our innovative Enterprise Performance Management (EPM) platform. With a passionate team of over 450 experts across our offices – from New York to Toronto – Pigment has made significant waves, serving renowned clients like Unilever and Deliveroo. As a Security Analyst, you'll play a vital role in safeguarding our customers' data by developing and implementing a comprehensive risk-driven security roadmap. Collaborating closely with the CISO, you’ll design policies and procedures that enhance our security posture across production environments and internal IT. Your efforts will include overseeing vulnerability assessments, managing compliance protocols, and championing security awareness through effective training programs. Moreover, your expertise in governance and compliance will be crucial in leading our SOC certifications and enhancing compliance initiatives across the organization. At Pigment, we value your experience, passion, and problem-solving spirit, ensuring you grow within an inclusive environment. Join us in shaping a more secure future!

Frequently Asked Questions (FAQs) for Security Analyst (GRC Specialist) Role at Pigment

What skills do I need to become a Security Analyst (GRC Specialist) at Pigment?

To excel as a Security Analyst (GRC Specialist) at Pigment, you should ideally have at least 5 years of experience in governance and compliance domains, with a strong foundation in security engineering. A deep understanding of ISO27000 series standards and experience with vulnerability assessments and compliance audits are essential. Your ability to collaborate with various teams and communicate effectively will greatly benefit you in this role. Familiarity with GCP, Kubernetes, and security tools will also be advantageous.