Job description
About Juniper Square
Our mission is to unlock the full potential of private markets. Privately owned assets like commercial real estate, private equity, and venture capital make up half of our financial ecosystem yet remain inaccessible to most people. We are digitizing these markets, and as a result, bringing efficiency, transparency, and access to one of the most productive corners of our financial ecosystem. If you care about making the world a better place by making markets work better through technology โ all while contributing as a member of a values-driven organization โ we want to hear from you.
Juniper Square offers employees a variety of ways to work, ranging from a fully remote experience to working full-time in one of our physical offices. We invest heavily in digital-first operations, allowing our teams to collaborate effectively across 27 U.S. states, 2 Canadian Provinces, India, Luxembourg, and England. We also have a physical offices in San Francisco, New York City, Mumbai and Bangalore for employees who prefer to work in an office some or all of the time.
About your role
The GRC Analyst is responsible for supporting the organization’s governance, risk management, and compliance (GRC) program. The ideal candidate will have a strong understanding and experience building scalable, right-sized risk management and compliance processes for a high-growth company. The successful candidate will also possess strong analytical and problem-solving skills, as well as excellent communication and interpersonal skills. This role will work closely with a broad set of cross-functional stakeholders within the company and should be able to build a rapport and influence towards appropriate risk management outcomes.
What youโll do
Governance (20%)
Policy Management
Develop a comprehensive set of security and privacy policies and procedures working with Legal, HR, IT, Engineering.
Update policies and procedures annually while incorporating stakeholder feedback and obtain approval
Define and manage incoming policy exceptions on an ongoing basis to manage associated risk
Security and Privacy Training and Awareness
Develop and implement role and team specific security and privacy training working closely with key business partners.
Manage the roll-out, escalation and completion of all security and privacy training modules.
Phishing Management
Manage phishing campaigns on an ongoing basis with appropriate re-training processes baked into the process
Refine existing phishing reporting processes and integrate this better with our incident management processes
GRC Metrics and Reporting
- Ensure the GRC function meets key performance metrics
Risk (40%)
Risk Management
Maintain business unit risk registers with existing teams on a monthly basis to appropriately address key risks areas
Co-develop and coach business units on right-sized and right-scoped risk remediation plans
Work with cross-functional teams to onboard new business units onto the risk management process
Third-Party Risk Management
Continuously improve vendor and contractor risk assessments during vendor onboarding with a defined SLA.
Conduct annual vendor monitoring and re-assessment processes for existing vendors
Maintain the vendor risk register and work with vendors to reduce risk on an ongoing basis
Compliance (40%)
Compliance
Maintain and onboard existing/new security compliance certifications and frameworks (e.g. SOC2, ISO and others)
Work with cross-functional teams to procure controls evidence to provide to external auditors timely and issue reports timely.
Work cross functionally between teams and auditors to ensure a smooth and efficient audit process
Improve the audit process through automation and controls rationalization year over year
Monitor and test effectiveness of compliance control health throughout the year; not just during audits
Serve as a subject matter expert for all things compliance;
1. Identify and assess business changes for relevant impacts on compliance posture (e.g. geographical expansion, internal tool replacement, new products)
Customer Trust
Maintain our trust center by keeping security documents and knowledge base up-to-date
Support sales teams with open security and privacy questions
Review incoming security and privacy addendums to customer contracts
Support customer security and privacy audits
Work with Sales and Solutions engineering to coach and educate teams on our security and compliance posture
Qualifications
Bachelor’s degree in information systems, engineering, business, risk management, or a related field
5+ years of experience in GRC, security, audit or a related field with past experience in managing a SOC2/ISO 27001 program
Knowledge of GRC frameworks and regulations
Experience developing scalable GRC processes
Ability to work on multiple GRC projects simultaneously
Ability to partner with stakeholders collaboratively โguardrailsโ without having a โgatedโ approach to risk management
Excellent communication and interpersonal skills
Compensation
Compensation for this position includes a base salary and a variety of benefits. The U.S. base salary range for this role is $135,000 to $190,000. Actual base salaries will be based on candidate-specific factors, including experience, skillset, and location, and local minimum pay requirements as applicable.
Benefits include:
Health, dental, and vision care for you and your family
Life insurance
Mental wellness coverage
Fertility and growing family support
Flex Time Off in addition to company paid holidays
Paid family leave, medical leave, and bereavement leave policies
Retirement saving plans
Allowance to customize your work and technology setup at home
Annual professional development stipend
Your recruiter can provide additional details about compensation and benefits.
#LI-AD1
