Senior Security Analyst, GRC Content

Full Time
7 months ago
Strength in Trust 

OneTrust is the trust intelligence cloud platform organizations use to transform trust from an abstract concept into a measurable competitive advantage. Organizations globally use OneTrust to enable the responsible use of data while protecting the privacy rights of individuals, implement and report on their cyber security program, make their social impact goals a reality, and create a speak up culture of trust. Over 14,000 customers use OneTrust's technology, including half of the Global 2,000. OneTrust currently ranks #24 on the Forbes Cloud 100 list of top private cloud companies in the world and employs over 2,000 people in regions across North America, South America, Asia, Europe, and Australia.

The Challenge

We are seeking a highly skilled Senior Analyst to join our dynamic team. In this role, you will play a pivotal part in strengthening the effectiveness of the OneTrust Platform through the creation of new GRC content, as well as providing robust support for existing content across a spectrum of compliance frameworks, including SOC 2, ISO 27001, PCI DSS, NIST CSF, HIPAA, privacy regulations (GDPR, CCPA and other state privacy laws), NIST 800-53, and NIST AI RMF. Your responsibilities will include addressing security and privacy inquiries, aiding cross-functional teams with expert security insights, and contributing to the continuous enhancement of the OneTrust platform. This role demands a strong background in security and privacy, alongside the ability to develop and implement reliable, standardized processes.

Your Mission
  • Develop comprehensive content, encompassing policies, controls, implementation guidelines, templates and mapping relationships, tailored to various compliance frameworks.
  • Conduct thorough research and analysis to ensure accurate and up-to-date content development.
  • Interpret and translate complex regulatory requirements into clear and concise documentation.
  • Continuously refine and update content in response to framework revisions or regulatory changes.
  • Stay informed about industry trends, emerging regulations, and best practices related to compliance frameworks.
  • Engage in collaborative efforts with internal teams (including sales, customer support, and marketing) to solicit feedback on content and actively identify market demand for various compliance frameworks.
  • Effectively communicate content-related updates within the OneTrust Platform.
  • Address security and privacy inquiries related to specific compliance frameworks to enhance support for customers by addressing their needs regarding out-of-the-box content.
  • Engage in internal brainstorming sessions and contribute to user acceptance testing for new product releases.
  • Maintain thorough knowledge of the OneTrust Platform and offer feedback on product features such as ERM, Compliance Modules, Policy Modules, Third-party Risk Management Module (TPRM) etc.
  • Deliver training sessions to internal stakeholders as necessary on newly launched frameworks within the OneTrust platform.
You Are
  • Bachelor's degree in a relevant field (e.g., Information Technology, Business Administration, Compliance).
  • Minimum 4 years of experience in information security and privacy compliance, consulting, or research, spanning multiple industries.
  • In-depth knowledge of various compliance frameworks such as SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, NIST etc.
  • Proven experience in developing content related to controls, policies, and risk management and working with any compliance management software.
  • Strong analytical skills with the ability to interpret complex regulatory requirements.
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams.
  • Detail-oriented approach with a focus on accuracy and quality.
  • Demonstrated knowledge of key IT controls and risk assessment concepts.
  • Understanding of audit practices and methodologies.
  • Ability to manage multiple tasks concurrently.
  • Relevant certifications (e.g., CISA, CRISC, CISSP, CIPP/E, CIPP/C, CIPP/US) preferred.

 

For California, Colorado, Connecticut, Nevada, New York, Rhode Island, and Washington-based candidates: the annual base pay range for this role is listed below. Within this range, individual pay is determined by several factors, including location, job-related skills, work experience, and relevant education and/or training. This role may also be eligible for discretionary bonuses, equity, and/or commissions, as well as benefits.

Salary Range: $101,250—$151,875 USD

Where we Work

OneTrust embraces a hybrid working model. Our Working@ OneTrust initiative is our way of clarifying where we hire, how we work together, and where we’re located in that hybrid model.  

The underlying “why” for Working@ is that we are intentional about the culture that we want to create together. That includes bringing teams together, in-person, throughout the year to collaborate, build connections, learn from each other, and celebrate our wins to Finish Stronger.

We are committed to a flexible approach informed by a set of guiding principles. You’ll see that reflected in our worker designations: “Office-flex” and “Location-flex”.

  • Office-flex: Like a traditional hybrid model, OneTrust “Office-flex” employees may be asked to work in an office periodically if they are within a commutable distance to a OneTrust office. This includes coming into the office for our Company Kickoff, Company All Hands, and other larger company events. Beyond that, we give our leaders and teams the flexibility to set additional guidelines based on the nature of your role.  
  • Location-flex: Similar to other companies’ remote policies, for OneTrust “Location-flex” roles, you will primarily work from your home office location. However, you may be required to travel to our OneTrust offices or customer sites periodically based on the nature of your role.

Each role may have specific requirements, so we encourage you to verify the location of the role with your recruiter during your first interview.

Benefits

As an employee at OneTrust, you will be part of the OneTeam. That means you’ll receive support physically, mentally, and emotionally so that you can do your best work both in and out of the office. This includes comprehensive healthcare coverage, flexible PTO, equity stock options, annual performance bonus opportunities, retirement account support, 14+ weeks of paid parental leave, career development opportunities, company-paid privacy certification exam fees, and much more. Specific benefits differ by country. For more information, talk to your recruiter or visit onetrust.com/careers.

Resources  

Check out the following to learn more about OneTrust and its people: 

  • OneTrust Careers on YouTube
  • @LifeatOneTrust on Instagram
Your Data

You have the right to have your personal data updated or removed. You also have the right to have a copy of the information OneTrust holds about you. Further details about these rights are available on the website in our Privacy Overview. You can change your mind at any time and have your personal data removed from our database. In order to do this you must contact us and let us know you wish to be removed. The request should be made on the Data Subject Request Form.

Our Commitment to You 

When you join OneTrust you are stepping onto a launching pad — the countdown has begun. The destination? A career without boundaries working alongside a diverse and inclusive crew who is passionate about doing meaningful work. As a pioneer, your voice and expertise will help chart the direction of an entirely new industry — Trust. Our commitment to putting people first starts with you. Your growth is part of the mission. Our goal is to give you the power to embark on the next phase of your uniquely, unique career 

OneTrust provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by local laws.