It's fun to work in a company where people truly believe in what they're doing!
At BlackLine, we're committed to bringing passion and customer focus to the business of enterprise applications.
Since being founded in 2001, BlackLine has become a leading provider of cloud software that automates and controls the entire financial close process. Our vision is to modernize the finance and accounting function to enable greater operational effectiveness and agility, and we are committed to delivering innovative solutions and services to empower accounting and finance leaders around the world to achieve Modern Finance.
Being a best-in-class SaaS company, we understand that bringing in new ideas and innovative technology is mission critical. At BlackLine we are always working with new, cutting-edge technology that encourages our teams to learn something new and to expand the creativity and technical skill set that will accelerate their careers.
The Senior GRC Analyst will operationally lead Information Security Governance, Risk Management, and Compliance (GRC) workflows, validate adherence to information security standards, lead audit and regulatory compliance projects, facilitate information security awareness initiatives, and oversee the maintenance of standards and policies that govern the information security and privacy management system programs for the company.
You'll Get To:
Contribute to the ongoing development of Information Security GRC activities, strategy, and roadmap.
Perform or supervise core Information Security GRC activities (e.g. Privileged Access Reviews, Subservice Organization Risk Reviews, Information Security & Privacy Awareness Program, Exception Management Review, etc.).
Lead the successful operation of the IT Risk Assessment, Vendor Management, and Risk Management programs.
Evaluate design and implementation of security and privacy controls and build out automated operating effectiveness control monitoring capabilities.
Support and facilitate internal and external audits across security and privacy compliance programs (ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC 1, SOC 2, etc.).
Collect and maintain evidence of compliance with information security and privacy policies and regulatory requirements (e.g. GDPR, CCPA, SOC, HIPAA, PCI-DSS, etc.).
Draft written responses to customers and prospects on information security and privacy controls and regulatory compliance.
Review and update information security and privacy policies, procedures, standards, and other information security documentation.
Assist in maintaining information security documentation repository.
Support vendor due diligence, security and privacy assessments, gap assessments, and review processes.
Review the work of junior analysts related to Information Security GRC activities.
Train junior analysts on Information Security GRC activities, information security and privacy policies, and regulatory and audit requirements.
Collaborate with key stakeholders from different departments to improve and/or automate information security and privacy control and GRC processes and documentation.
What You'll Bring:
5+ years of full-time work experience in information security GRC, IT Audit or IT Risk Management. Experience in leading security assessments, IT vendor risk assessments, and InfoSec program management.
Understanding of technical aspects of information security domains.
Knowledge of common IT technologies and processes.
Strong understanding of Information Security and Information Technology frameworks and standards, such as ITIL, COBIT, NIST 800-53, SOC 1, SOC 2, and ISO 27000 series.
Thorough understanding of Audit and Risk Management principles and methodologies.
Ability to transform abstract regulatory requirements into cohesive compliance actions.
Good communication skills including ability to present technical subjects to non-technical audiences.
Strong work ethic, attention to detail, and organizational skills.
Ability to multi-task and manage priorities in a fast-paced environment.
Ability to collaborate in a team setting and moderate conversations involving cross-functional groups.
Conceptual understanding of software development methodologies.
Proficient with Microsoft O365 and Atlassian productivity suites, including presentation and dashboarding capabilities.
Working knowledge of PII, PHI, financial data regulations, data residency requirements, and international regulatory aspects pertaining to sensitive information (e.g. GDPR, CCPA, SOX, HIPAA, PCI-DSS, NYDFS 500, CPS 234, etc.).
Knowledge of tools and services commonly employed within InfoSec is a plus.
Experience with Application Security, SaaS, or public cloud security is a plus.
CIPM, CIPT, CDPSE, or other privacy certification is a plus.
CISSP, CISA, or a similar risk management, audit, or security certification.
A technology-based company with a sense of adventure and a vision for the future. Every door at BlackLine is open. Just bring your brains, your problem-solving skills, and be part of a winning team at the world's most trusted name in Finance Automation!
A culture that is kind, open, and accepting. It's a place where people can embrace what makes them unique, and the mix of cultural backgrounds and varying interests cultivates diverse thought and perspectives.
A culture where BlackLiners' continued growth and learning is empowered. BlackLine offers a wide variety of professional development seminars and inclusive affinity groups to celebrate and support our diversity.
BlackLine is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity or expression, race, ethnicity, age, religious creed, national origin, physical or mental disability, ancestry, color, marital status, sexual orientation, military or veteran status, status as a victim of domestic violence, sexual assault or stalking, medical condition, genetic information, or any other protected class or category recognized by applicable equal employment opportunity or other similar laws.
BlackLine recognizes that the ways we work and the workplace itself have shifted. We innovate in a workplace that optimizes a combination of virtual and in-person interactions to maximize collaboration and nurture our culture. Candidates who live within a reasonable commute to one of our offices will work in the office at least 2 days a week.
Client-provided location(s): United Kingdom
Job ID: blackline-5064-en-us Employment Type: Other