Chronograph

GRC Analyst (Governance, Risk, & Compliance Analyst)

Chronograph, New York, New York, US, 10261


Overview

Chronograph was founded to bring next-generation technology to private capital markets. Through our suite of cloud-based analytics and data management solutions, we help many of the world's largest and most sophisticated venture capital, private equity, and credit funds understand their investment performance in unprecedented detail, with over $20 trillion of AUM monitored via our solution suite.

At Chronograph, we get to go "behind the scenes" and work directly with investors who are driving some of the most impactful changes across high-growth start-ups, global infrastructure and renewable energy, growth equity, and all other private capital strategies. The firm is backed by The Carlyle Group, Nasdaq Inc., and Summit Partners, and has seen continuous rapid growth since its founding in 2016.

The Opportunity

Bring your expertise to a highly collaborative, creative, and innovative team with a market-leading technology product suite. Chronograph is looking for an experienced GRC Analyst to help scale our internal and external compliance program. Key functions for this role include maintaining and supporting the upkeep of our established SOC2 controls, preparing for future audit efforts such as ISO27001, and assisting in the ongoing maturation of our NIST RMF risk management program.

We are looking for a business enabler who will be responsible for supporting critical portions of our compliance roadmap. As a leader of our GRC initiatives, you will ensure that the compliance roadmap and function support our business, sales, and revenue objectives while aligning with internal information security standards.

We are not a check-box security organization, and as such, you will have the opportunity to materially participate in control requirements and remediation initiatives that result in real risk-reducing solutions for Chronograph and its customers. This role will report to Information Security leadership, so there is substantial opportunity for adjacent exposure across all security and GRC undertakings.

As a GRC Analyst at Chronograph, you will:

- Have the opportunity to help build and scale a GRC program. You will support the design, implementation, and management of our overall GRC strategy.
- Support the maintenance and upkeep of our SOC2 controls and future audit preparations, such as ISO 20001.
- Respond to inbound cybersecurity and privacy third-party risk assessment requests.
- Develop and maintain information security policies and standards in accordance with Chronograph's business and security goals.
- Conduct and manage internal information security risk assessments throughout the organization in accordance with NIST RMF.
- Serve as a GRC subject matter expert for departments within the company.
- Collaborate with business and technology leaders to ensure information security risk findings are reviewed and solutions are implemented.
- Have unique opportunities to showcase your skills in a fast-growing fintech startup.

You will be successful in this role if you have:

- (Minimum) Two (2) years of professional experience in cyber governance, risk, and compliance for a company that hosts its products in the cloud (AWS or GCP) and uses SaaS business applications, or a recent graduate with a degree in risk management or a comparable field.
- Strong knowledge of information systems security standards and practices detailed in NIST RMF.
- Participated in or led a successful SOC2 and/or ISO27001 audit from start to finish.
- Collaborated with internal sales teams to efficiently respond to inbound cybersecurity and privacy third-party risk assessment requests.
- Collaborated with Security, Information Technology, Legal, Data Analysts, Human Resources and other business units to manage security risks, threats and vulnerabilities.
- Managed third-party vendor risk assessments.
- Participated in developing and maintaining Information Security policies.
- Experience writing or interpreting technical and high-level risk reports.
- Ability to work both individually and collaboratively to deliver results in a fast-paced startup environment.
- Positive attitude, sense of humor, and creativity.

Bonus points for experience with:

- CISA, CISSP, CISM, CRISC or an equivalent professional certification.
- GRC/Vendor Management tools like OneTrust, Tugboat, or Archer
- ISO-27001, NIST 800-53, GDPR, and CCPA
- Working in Fintech

Even if you don't meet every criterion, we'd still encourage you to apply! We are growing rapidly and have a variety of needs across multiple roles and focus areas.

Why join Chronograph?

We're a team that values creativity, open communication, cutting-edge technology, striving for excellence in all things, and having fun along the way. We want you to be happy for the long term.

We offer:

- Flexible work arrangements
- Competitive salary
- Attractive equity participation
- Unlimited and flexible vacation
- Generous health benefits
- Fully-paid parental leave
- ...and more!

Chronograph is committed to promoting a diverse and inclusive organization and we welcome applicants from all backgrounds. If you're a passionate team player who wants to have an outsized impact on a diverse and dynamic team, we'd love to hear from you!

Salary Range (dependent on experience)

$90,000-$110,000 USD