The Governance, Risk, and Compliance Specialist is charged with assisting in the identification, assessment, measurement, monitoring, and reporting of risk through CrowdStrike’s Governance, Risk, and Compliance (GRC) program. The GRC Specialist’s primary function will involve supporting CrowdStrike product and service audits and assessments. In addition, this role may be called on to support corporate operations and IT compliance audits and assessments, vendor and partner risk assessments, or support customer assurance efforts to address questions from CrowdStrike customers as needs and interests require. The GRC Specialist will also perform compliance advisory functions and support security awareness and education efforts delivered to CrowdStrike and relevant parties.
The ideal candidate will understand current assessment frameworks, technologies, and processes while being continuously on the lookout for innovative and flexible ways to automate processes that support a fast-paced, secure, and empowered environment.
This role covers audit, compliance, vendor risk, and customer assurance functions in the context of security and privacy within enterprise-wide operational areas such as:
- assisting with internal and external audits and assessments, including control assessment, monitoring, and reporting, including collection and organization of evidence;
- conducting third party controls evaluation to determine risk;
- working with various internal teams or external parties to define and prioritize remediation efforts, tracking remediation activities, and inspecting/validating solutions that have been implemented;
- responding to CrowdStrike and customer questions regarding GRC topics and CrowdStrike technologies; and
- performing other duties within the scope of governance, risk, and compliance as needed.
What You’ll Need:
- Practical experience with policy and regulatory mandates such as COBIT, SOC1/SOC2, CSA-CCM, ISO27001/27002/27031, GDPR, CCPA, PCI-DSS and NIST Risk Management Framework and associated standards such as NIST SP 800-34, SP 800-53, SP 800-171/2, FedRAMP, CMMC, etc.;
- experience in typical office applications including Microsoft Word, Excel, etc.;
- fundamental technical understanding of key technologies such as Windows, Linux, and Apple operating systems, networks, application development, databases, virtualization, and cloud infrastructures; and
- 3-5 years relevant experience, or a BA or BS / MA or MS degree in Computer Science/Engineering, Math, Information Security, Information Systems, Information Assurance, Information Security Management, Intelligence Studies, Data Science, or Cybersecurity.
- Project management experience in scoping, work break-down, critical path analysis, resourcing, managing time estimates, project risks, and quality.
- Ability to think strategically about risks and tie those risks to tactical organizational activities.
- Experience with a cloud environment and the CrowdStrike products or services.
- Open to learning and working on new domains and technology.
This role will require the candidate to periodically undergo and pass additional background and fingerprint check(s) consistent with government customer requirements.
Benefits of Working at CrowdStrike:
- Remote-first culture
- Market leader in compensation and equity awards
- Competitive vacation and flexible working arrangements
- Comprehensive and inclusive health benefits
- Physical and mental wellness programs
- Paid parental leave, including adoption
- A variety of professional development and mentorship opportunities
- Offices with stocked kitchens when you need to fuel innovation and collaboration