At InRule Technology, we revolutionize the way organizations in more than 40 countries worldwide make mission-critical decisions by infusing cutting-edge technology into their processes. Some of the largest banks, insurance companies, healthcare organizations, and governments rely on InRule to deliver frictionless, intuitive solutions that provide the power of computing without the complexity of programming.
As part of the InRule Technology team, you'll be at the forefront of a technological revolution, helping drive adoption of our powerful AI Decisioning platform that weaves together declarative logic, non-declarative machine learning, and human-in-the-loop automation.
InRule enables automated decision-making, driving tangible results and propelling organizations toward unprecedented heights of productivity. In 2023, Forrester named InRule a Leader in The Forrester WaveTM: AI Decisioning Platforms.
Reporting to the VP, Technical Operations, the GRC Security Analyst will drive the planning and execution of our global Governance, Risk, and Compliance (GRC) initiatives and audits. At InRule, this is a vital role that collaborates closely with other departments to ensure compliance with regulations and industry standards.
Responsibilities
Coordinate and manage compliance audit activities with external auditors and internal control owners to ensure timely and successful completion of audit requirements related to SOC2, ISO27001, GDPR, and other future frameworks.
Work with the Data Protection Officer (DPO) to execute data deletion requests, maintain our privacy policy, and track data sub-processors.
Conduct risk assessments and software vulnerability assessments to identify potential cybersecurity threats; document and follow up on security-related findings.
In preparation for external audits, support monitoring, evidence collection, gap assessments, and reviews as needed.
Conduct periodic reviews and audits of internal policies, controls, and processes; publish findings outlining successes and opportunities for improvement.
Partner with business stakeholders (such as Engineering and IT Operations management) to identify risks, propose mitigation strategies, and inform on emerging security threats and trends.
Develop and maintain basic GRC documentation, such as policy and procedure documents or project plans.
Manage and document scalable processes and automation to support our growth and compliance initiatives.
Develop and assess operating effectiveness of controls.
Assist in completion of customer assurance activities, such as security questionnaires.
Perform vendor security evaluations of existing and new vendors.
Required Skills & Experience
At least 5+ years of experience managing or maturing GRC programs, preferably within a high-growth Cloud/SaaS environment
Have a strong working knowledge of ISO27001, SOC2, and GDPR
Ability to identify gaps, create mitigation plans, and work with control owners to implement changes
Experience interacting with current and prospective customers to help navigate the security review process
Strong communication skills with the ability to build relationships across departments and cultures as part of a global distributed team
Experience using compliance and security tools; experience with Vanta is highly desired
Excellent interpersonal, communication, and presentation skills, including findings and report writing experience