Senior GRC Analyst - job 2 of 2

Remote

At Hopin, we’re reimagining virtual events.

As the first all-in-one virtual venue for live online events, Hopin brings people together in a highly interactive and engaging online experience that feels just like an in-person event, only without the barriers. Whether it’s a 50-person meetup, or a 50,000-person conference—any type of event organizer can host a Hopin event for their attendees, speakers, sponsors, and vendors to convene, learn, and interact face-to-face online. We’re spearheading the innovative technology that is enabling people to gather online like never before.

Our mission is simple: better connections for a better planet. 

We believe in events without limits, but events that are sustainable and accessible to everyone—and fun, too! To do this, we need passionate builders and storytellers to join us. Do you love people and technology and the magic that happens when they converge at scale? Do you have the skills and experience we’re looking for to better serve our clients? If so, we’d like to meet.

We’ve been recently funded by a16z, General Catalyst, IVP, Accel, DFJ Growth, Northzone, Coatue, Tiger Global, Salesforce Ventures and many other high profile investors.

About You

As a Senior GRC Analyst at Hopin you will be a part of a team that designs and implements policies and standards, systems and solutions to protect Hopin and it’s customers. You will be exposed to a diverse and collaborative team; coordinating with Sales, Procurement, Infrastructure, Legal, Engineering, and Business Operations as well as external clients. 

The Security team is small and we are looking for someone who is a motivated self-starter who is inspired by the idea of building new systems to support a rapidly growing platform. We are a remote-first company with staff in more than forty countries. We operate around the clock and strive to support flexible hours and schedules.

Main Tasks

• Interpret regulatory, industry and internal governance requirements and convert into actionable work items in a logical manner.
• Proactively identify gaps or conflicts in existing processes and help develop solutions with the stakeholders
• Assist with implementing compliance programs and routines
• Help maintain, improve and develop policies and standards that support the overall Information Security Program
• Communicate to key stakeholder to develop robust security controls in line with overall security strategy
• Perform controls testing, document results, and provide detailed updates to internal stakeholders
• Track remediation work identified by internal audit to completion 
• Assist with implementing compliance programs and routines
• Assist process/control owners with the design/implementation of controls and related documentation (e.g., policies, procedures, narratives, and matrices)
• Perform controls testing, document results, and provide detailed updates to internal stakeholders
• Proactively identify gaps or conflicts in existing processes and help develop solutions with the stakeholders

Qualifications

• Exposure to the following regulatory and compliance frameworks SoC1 and SoC2 (SSAE16), ISO2700x, FedRamp, COPPA, ITIL, NIST, SOX, PCI DSS
• Familiarity with Cloud Infrastructure technologies (AWS, GCP, Heroku)
• Experience in a highly SaaS/PaaS environment
• Ability to quickly acquire and apply knowledge of changing technologies implemented is essential
• Understanding of global data protection laws, standards, and associated frameworks (e.g. GDPR, CCPA, and APEC CBPR)
• Strong verbal and written communication skills
• Ability to translate Controls & Requirements into actionable technical specifications
• Have the ability to use a risk-based audit approach in evaluations of and recommendations for management processes
• Ability to present audit findings and recommendations in a manner that will be understood and accepted by all involved parties
• Ability to manage dynamic priorities, accurately and actively set expectations with partners

Nice to Have

• Bachelor's degree in Information Systems or related field, or equivalent experience
• Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC)
• Certified in Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CPA, and/or CIA.
• Project management experience

The Offer

• Competitive salary
• Fully remote, global team
• Flexible schedules
• Laptop assigned, Mac or Dell (Windows)
• Health Insurance Support
• Parental Leave
• Monthly Wi-Fi stipend
• $800 USD for Home-Office set up
• $1500 USD for Learning & Development

At Hopin, we're committed to cultivating an environment that promotes equality, diversity, and inclusion. We are a global community and we believe our unique qualities must be celebrated as they are critical to our innovation. It's essential to us that you bring your authentic self to work every single day, no matter your age, ethnicity, religion, citizenship, gender identity, sexual orientation, disability status, neurodiversity, or otherwise. Inclusion isn't just an initiative at Hopin. We strive to embed it not just into our core values but throughout our entire ecosystem.