Analyst, GRC

at Outreach
  • $81k-$108k
  • Remote - United States

Remote

Cybersecurity

Mid-level

Job description

Outreach is the first and only AI Sales Execution Platform built for intelligent revenue workflows. Built on the world’s largest foundation of customer interactions and go-to-market team data, Outreach’s leading revenue AI technology helps go-to-market professionals and their companies win by intelligently accelerating decision making and elevating sellers to do their best work. Our powerful platform gives revenue teams the tools they need to design, measure, and improve a revenue strategy for every stage of the customer journey, improving efficiency and effectiveness across the entire revenue cycle. Over 6,000 customers, including Zoom, McKesson, Snowflake, SAP, and Okta use Outreach to power workflows, put customers at the center of their business, improve revenue results, and win in the market.

Outreach is a privately held company based in Seattle, Washington, with offices worldwide. To learn more, please visit www.outreach.io.

The Role

Do you have a passion for SaaS and cloud security?  Are you passionate about solving important security, privacy and compliance problems for a rapidly growing cloud company?  We atOutreach.io need a well-organized governance, risk, and compliance professional to help operate and mature these foundational programs. We are looking for a capable security professional to manage the successful completion of our audits, assess our security risks and improve the efficiency of our security controls. This role blends project management skills together with traditional compliance expertise and a solid information security background together in order to successfully plan for and drive forward these programs.

You will be responsible for helping maintain existing and achieve new accreditations such as ISO 27001, ISO 27701, SOC 2, and HIPAA.  You will collaborate with others across the company to support policy management, participate in our audits, and improve the overall security posture across the company.  You will be working with our GRC, security, and privacy teams, as well as technical leaders and engineers, and our external auditors.

Location: This position is remote within the US, or it can be hybrid in Seattle or Atlanta.

Your Daily Adventures Will Include

  • Supporting the Outreach Information Security Management System (ISMS) governance, risk and compliance activities.
  • Contributing to our GRC strategy to keep pace with Outreach’s rapid growth while reducing audit impact on operational and engineering teams.
  • Developing and evolving information security policies and helping educate teams of their responsibilities and obligations.
  • Translating key internal, industry and regulatory obligations including the ISO 27001, ISO 27701, SOC 2 and HIPAA into appropriate administrative and technical controls and educating control owners.
  • Working with control owners to ensure effective and efficient control monitoring, as well as appropriate visibility of control activity.
  • Reviewing the operating effectiveness of current controls and developing a program of continual optimization based on feedback from both the ISMS and operational teams.
  • Extending the control framework to leverage commonalities between multiple assessments and improve the overall efficiency of the Outreach audit program.
  • Assisting internal teams through the preparation for and successful completion of a variety of key industry and regulatory audits from audit readiness through final assessment including remediation activities.
  • Helping to coordinate key internal, industry and regulatory audits including ISO 27001, SOC 2, and others.
  • Ensuring all in-scope functions and teams are prepared for audits.
  • Assisting with auditor relationships.
  • Incorporating audit findings and recommendations into the Information Security Management System (ISMS) and Control Framework programs.
  • Training and communicating responsibilities to control owners including the mapping, review and feedback of controls to specific audit requirements.
  • Reviewing audit evidence and any findings to assess and improve control effectiveness.
  • Working with Outreach management teams and engineers to identify and capture security risks and collaborate with risk owners to identify and put effective mitigations and remediations into place.
  • Ensuring cross company support of all aspects of security by establishing partnerships with other Outreach teams with the overarching goal of improving trust of Outreach and its products.
  • Demonstrated expertise in managing and ensuring compliance with organizational policies, including the development, implementation, and continuous improvement of policy management systems.
  • Support in the efforts of our vendor risk management program, including, but not limited to the assessment of, and follow up of governance documentation related to, vendor risk.

Our Vision Of You

  • 2+ years of building and managing compliance programs including policy definition and control design.
  • Bachelor’s degree.
  • Ability to work well within a team atmosphere as well as independently to achieve results within the dynamic Outreach culture.
  • Hands-on experience managing external auditors and on-site audits including proven experience passing ISO 27001, SOC 2 Type II and HIPAA audits.
  • Experience in establishing and maintaining compliance in AWS and cloud environments.
  • Thorough understanding of the latest regulatory requirements and associated security principles.
  • Excellent interpersonal and management skills.
  • Strong written and verbal communication skills.
  • Problem solving skills and ability to work under pressure.
  • Ability to maintain extreme confidentiality.
  • Willingness to take on additional responsibilities, as needed.

Nice To Have’s

  • A minimum of 2 years of experience in the technical interpretation and practical application of an information security program specifically in governance, risk, and compliance.
  • SOX IT Controls experience.
  • Extensive information security auditing and compliance experience.
  • Experience authoring and management of information security policies and standards.
  • Strong project management experience.
  • Direct experience interpreting industry and regulatory security requirements and authoring supporting controls.
  • Experience working as/or with auditors through complex audits.
  • Have a history of successful cross-organizational efforts.
  • Ability to analyze problems and make appropriate decisions quickly.
  • Ability to drive large, complex projects and create solutions.
  • Experience driving the development of GRC program strategies, performance metrics, and articulating business value and costs.

The annual base salary range for this role is $81,000 - $108,000 USD. You may also be offered incentive compensation, bonus, restricted stock units, and benefits. Actual compensation is based on factors such as your skills, qualifications, and experience. We also have a location-based compensation structure; there may be a different range for candidates in other locations.

#LI-SC1

#LI-Remote

Why You’ll Love It Here

• Flexible time off

• 401k to help you save for the future

• Generous medical, dental, and vision coverage for full-time employees and their dependents

• A parental leave program that includes options for a paid night nurse, and a gradual return to work

• Infertility/ assisted reproductive services benefit

• Employee referral bonuses to encourage the addition of great new people to the team

• Snacks and beverages in the Office, along with fun events to celebrate

• Diversity and inclusion programs that promote employee resource groups like Outreach Women’s Network, Latinx community, Outreach Black Connection, AAPI community, Pride/LGBTQIA+, Gender+, Disability Community, and Veterans/Military

Outreach is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Our success is reliant on building teams that include people from different backgrounds and experiences who can elevate assumptions and ideas with fresh perspectives. We’re dedicated to hiring the whole human, not just a resume. To that end, we look for a diverse pool of applicants-including those from historically marginalized groups. We would like to invite you to apply even if you don’t think you meet all of the requirements listed below. We don’t want a few lines in a job description to get between us and the opportunity to meet you.

Share this job:
Please let Outreach know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Latest Jobs at Outreach

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply