Juniper Square is hiring a Senior GRC Analyst to support and evolve our governance, risk, and compliance program. At our values-driven company, you will build scalable, right-sized risk management processes to support our mission of unlocking the full potential of private markets. You'll work closely with a broad set of cross-functional stakeholders to ensure a robust security and privacy posture.

What You'll Do

Maintain and onboard existing and new security compliance certifications and frameworks, such as SOC2 and ISO 27001.
Work with cross-functional teams to procure controls evidence for external auditors and issue reports timely.
Improve the audit process through automation and controls rationalization year over year.
Monitor and test effectiveness of compliance control health throughout the year.
Serve as a subject matter expert for all things compliance; identify and assess business changes for relevant impacts on compliance posture.
Maintain our trust center by keeping security documents and knowledge base up-to-date.
Support sales teams with open security and privacy questions and review incoming security and privacy addendums to customer contracts.
Support customer security and privacy audits.
Coach and educate Sales and Solutions Engineering teams on our security and compliance posture.
Develop a comprehensive set of security and privacy policies and procedures working with Legal, HR, IT, and Engineering.
Update policies and procedures annually while incorporating stakeholder feedback and obtain approval.
Define and manage incoming policy exceptions on an ongoing basis to manage associated risk.
Develop and implement role and team-specific security and privacy training working closely with key business partners.
Manage the roll-out, escalation, and completion of all security and privacy training modules.
Manage phishing campaigns on an ongoing basis with appropriate re-training processes baked in.
Refine existing phishing reporting processes and integrate them better with our incident management processes.
Ensure the GRC function meets key performance metrics.
Maintain business unit risk registers with existing teams on a monthly basis to appropriately address key risks areas.
Co-develop and coach business units on right-sized and right-scoped risk remediation plans.
Work with cross-functional teams to onboard new business units onto the risk management process.
Triage incoming technical security requests for vendor application or system integrations and route to appropriate teams for input.
Conduct security risk assessments and audits of vendors to evaluate the maturity of their security programs, controls, and documentation.

What We're Looking For

Bachelor's degree in information systems, engineering, business, risk management, or a related field.
5+ years of experience in GRC, security, audit, or a related field with past experience in managing a SOC2 or ISO 27001 program.
Knowledge of GRC frameworks and regulations.
Experience developing scalable GRC processes.
Ability to work on multiple GRC projects simultaneously.
Ability to partner with stakeholders collaboratively, providing “guardrails” without having a “gated” approach to risk management.
Excellent communication and interpersonal skills.