Senior GRC Analyst - job 1 of 2

At Hopin, we’re reimagining events. Our mission is simple: we exist to make the world feel closer. 

Founded in 2019, Hopin brings brands and communities together around highly interactive and engaging experiences. We believe that people should have access to the conversations, moments and ideas they care most about, no matter where they are. Through our highly scalable platform, participants are able to learn, engage, and connect from anywhere in the world. 

Hopin started as a virtual events solution but we have since meaningfully expanded our offering from virtual events to hybrid and in-person events, as well as video and workplace collaboration products. This growth has been fueled by a series of strategic acquisitions, including: Boomset - an all-in-one event management platform; Attendify - advancing Event Marketing products; StreamYard - unveiling a video production Studio; video hosting service Streamable and video technology company Jamm.

Listed as one of the 2021 Fast Company Best Workplaces for Innovators, Hopin has scaled to 800+ employees working remotely across 47 countries. Valued at $7.75B, Hopin raised a $450M Series D round of financing and is backed by top tier investors, including Arena Holdings, Altimeter Capital, Adam Street Partners, Untitled Investments, XN Capital, Andreessen Horowitz, DFJ Growth, General Catalyst, GIC, IVP, Northzone, Salesforce Ventures, Slack, Temasek and Tiger Global.

About You

As a Senior GRC Analyst at Hopin you will be a part of a team that designs and implements policies and standards, systems and solutions to protect Hopin and it’s customers. You will be exposed to a diverse and collaborative team; coordinating with Sales, Procurement, Infrastructure, Legal, Engineering, and Business Operations as well as external clients. 

The Security team is small and we are looking for someone who is a motivated self-starter who is inspired by the idea of building new systems to support a rapidly growing platform. We are a remote-first company with staff in more than forty countries. We operate around the clock and strive to support flexible hours and schedules.

Main Tasks

Interpret regulatory, industry and internal governance requirements and convert into actionable work items in a logical manner.

Proactively identify gaps or conflicts in existing processes and help develop solutions with the stakeholders

Assist with implementing compliance programs and routines

Help maintain, improve and develop policies and standards that support the overall Information Security Program

Communicate to key stakeholder to develop robust security controls in line with overall security strategy

Perform controls testing, document results, and provide detailed updates to internal stakeholders

Track remediation work identified by internal audit to completion 

Assist with implementing compliance programs and routines

Assist process/control owners with the design/implementation of controls and related documentation (e.g., policies, procedures, narratives, and matrices)

Perform controls testing, document results, and provide detailed updates to internal stakeholders

Proactively identify gaps or conflicts in existing processes and help develop solutions with the stakeholders

Qualifications

Exposure to the following regulatory and compliance frameworks SoC1 and SoC2 (SSAE16), ISO2700x, FedRamp, COPPA, ITIL, NIST, SOX, PCI DSS

Familiarity with Cloud Infrastructure technologies (AWS, GCP, Heroku)

Experience in a highly SaaS/PaaS environment

Ability to quickly acquire and apply knowledge of changing technologies implemented is essential

Understanding of global data protection laws, standards, and associated frameworks (e.g. GDPR, CCPA, and APEC CBPR)

Strong verbal and written communication skills

Ability to translate Controls & Requirements into actionable technical specifications

Have the ability to use a risk-based audit approach in evaluations of and recommendations for management processes

Ability to present audit findings and recommendations in a manner that will be understood and accepted by all involved parties

Ability to manage dynamic priorities, accurately and actively set expectations with partners

Nice to Have

Bachelor's degree in Information Systems or related field, or equivalent experience

Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC)

Certified in Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CPA, and/or CIA.

Project management experience

The Offer

Competitive salary

Fully remote, global team

Flexible schedules

Laptop assigned, Mac or Dell (Windows)

Health Insurance Support

Parental Leave

Monthly Wi-Fi stipend

$800 USD for Home-Office set up

$1500 USD for Learning & Development

At Hopin, we're committed to cultivating an environment that promotes equality, diversity, and inclusion. We are a global community and we believe our unique qualities must be celebrated as they are critical to our innovation. It's essential to us that you bring your authentic self to work every single day, no matter your age, ethnicity, religion, citizenship, gender identity, sexual orientation, disability status, neurodiversity, or otherwise. Inclusion isn't just an initiative at Hopin. We strive to embed it not just into our core values but throughout our entire ecosystem.