Cyber GRC Senior Analyst

Cyber GRC Senior Analyst at CrowdStrike

As a global leader in cybersecurity, CrowdStrike protects the people, processes, and technologies that drive modern organizations. Since 2011, their mission has been to stop breaches, redefining modern security with the world's most advanced AI-native platform. Customers across all industries rely on CrowdStrike to keep their businesses running, communities safe, and lives moving forward. CrowdStrike is also a mission-driven company, cultivating a culture that offers flexibility and autonomy for every CrowdStriker to own their career. They seek talented individuals with limitless passion, a relentless focus on innovation, and a fanatical commitment to customers, community, and each other. The future of cybersecurity starts with you.

About This Role

CrowdStrike is seeking a Cyber GRC Senior Analyst to join their Policy, Risk Management, and Controls team. This team assesses, manages, and reports on security risk, handles compliance issues, and ensures appropriate governance, awareness, and remediation. This role offers an opportunity to work in a fast-paced, secure, and empowered environment within the tech industry, alongside experienced security professionals.

• Policy Management: Create, develop, and maintain information security policies, standards, and procedures aligned with CrowdStrike’s security requirements and external obligations.
• Risk Management: Develop and maintain risk controls and mitigation strategies, create and update risk management documentation and policies, collaborate with stakeholders to evaluate and address security risks, and monitor and report on risk metrics and KPIs.
• Reporting and Analysis: Generate detailed reports and dashboards to identify and analyze data, root causes, risk, and trends.
• Collaboration and Resolution: Collaborate with cross-functional teams to address and understand policy, risk, and controls, resolve identified issues, lead investigations, and communicate technical risks, requirements, and findings to non-technical stakeholders.
• Process Optimization: Identify opportunities to streamline and optimize processes, automate functionality, and maintain comprehensive documentation.

What You'll Do

• Manage information security policy, standards, procedures, and organize/triage update requests with content owners and stakeholders; drive annual reviews and ad hoc updates.
• Work across security teams and the business, driving common approaches to risk and requirement analysis.
• Work with stakeholders to resolve issues and exceptions in a timely manner.
• Identify and mitigate high-priority risks, reducing risk exposure to the organization.
• Identify opportunities to streamline and optimize policy, risk, control, and issues and exceptions processes, reducing manual effort and improving efficiency.
• Communicate technical findings and resolutions to non-technical stakeholders effectively, resulting in high stakeholder satisfaction.
• Proactively identify areas of improvement within Cyber GRC and lead efforts to address and remediate.
• Develop and provide training and communications to stakeholders on risk and control processes.
• Perform other duties within the scope of GRC.

What You'll Need

Education and Experience:

• Bachelor's Degree: A Bachelor's degree in Computer Science, Information Security, or a related field is required.
• Experience: 5-10 years of experience in a security-related role, with experience in issue and exception management, risk assessment, and compliance.

Technical Skills:

• Strong technical knowledge and understanding of security concepts, including risk management and compliance.
• Certifications: Relevant certifications such as CISSP, CISM, or CRISC are preferred.
• Experience in security risk management, including risk assessments, issue management, and risk mitigation.
• Practical experience with requirements and controls from regulatory requirements such as SOC1/SOC2, CSA-CCM, ISO27001/27002/27031, GDPR, PCI-DSS and frameworks such as NIST Risk 800-34, NIST 800-53, etc.
• Understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures.

Soft Skills:

• Proven track record of successfully collaborating with cross-functional teams to achieve business objectives.
• Ability to build rapport and maintain relationships across functions within the company, with external vendors, and with governmental teams.
• Ability to think strategically about risks and tie those risks to tactical organizational activities.
• Leadership skills to lead issue analysis, security risk assessments, and collaborate with cross-functional teams.
• Strong analytical and problem-solving skills to identify root causes, risk, and trends.
• Excellent communication and collaboration skills to work with various stakeholders and communicate technical findings to non-technical stakeholders.

Program And Project Management:

Program and project management experience in scoping, work breakdown, critical path analysis, resourcing, managing time and cost estimates, project risks, and quality.

Bonus Points

• Experience with leading GRC products, such as ServiceNow, and/or cloud environments, including CrowdStrike products or services.
• Practical experience in Software Development and Secure Coding best practices.

Key skills/competency

• Cyber GRC
• Risk Management
• Information Security Policies
• Compliance Frameworks (e.g., NIST, ISO27001, SOC2)
• Issue Management
• Stakeholder Communication
• Process Optimization
• Security Risk Assessment
• Data Analysis
• ServiceNow