Your Impact

The Senior Information Security GRC Analyst drives and supports the security governance and risk and compliance programs. They perform reviews, assessments, and audits, conduct research, and facilitate communication to internal and external stakeholders where necessary. They monitor, coordinate, and implement documentation to support security, compliance, and audit requirements. They ensure compliance with our audit obligations and drive continual improvement in our risk and cyber-security posture.

What You'll Do

● Information Security Compliance Program: Drives the information security programs including risk management and compliance testing. Coordinates security risk assessment activities and security compliance audits. Operates and improves security audit procedures relevant to SOC 2 & ISO 27001.
● Compliance and Audits: Leads existing compliance programs and processes. Designs and executes audit procedures to assess and measure company compliance with its security policies and procedures. Supports in compliance testing and monitoring of regulatory obligations, and other regulatory matters as required. Maintains a library of security and compliance documentation.

● Third Party Risk Management: Drives due diligence and risk assessments for vendors and suppliers, ensuring that they meet security and compliance requirements. Maintains customer facing Trust Center and related documents. Leads response generation to customer questions and assessments.

● Reporting and Documentation: Collects, analyzes, and prepares reports required for senior management, regulators, and other relevant stakeholders. Works closely with internal stakeholders on resolution of risk and compliance issues. Documents, investigates, and reports cybersecurity compliance issues and incidents. Supports activities related to contingency planning, business continuity management, and IT disaster recovery. Maintains and improves information security

Who You Are

● 4+ years of direct experience in security operations, risk or compliance management
● 1+ years of IT or other relevant technical experience
● Extensive knowledge and experience with ISO 27001 or SOC2
● Experience leading audit activities and engagements
● Strong understanding of cloud computing concepts and relevant security controls.
● Experience coordinating tasks to complete third party assessments
● Experience writing clear and concise policies, procedures, or controls in one or more standards/frameworks
● Experience securing the public cloud (AWS, GCP, Azure)
● Experience responding to security and compliance questions from client and customerorganizations

Even Better If You Have...

● Knowledge of computer networking concepts and protocols, and network security methodologies
● Knowledge of risk management processes
● Knowledge of cyber threats and vulnerabilities
● Ability to advance multiple projects concurrently
● Ability to work both independently and as part of a team
● Excellent oral and written communication skills, with the ability to clarify complex topics to both technical and non-technical audiences

Perks of DISCO

• Open, inclusive, and fun environment
• Benefits, including medical and dental insurance
• Competitive salary plus discretionary bonus
• Opportunity to be a part of a startup that is revolutionizing the legal industry
• Growth opportunities throughout the company