  • Locations: United States; Remote
  • Date Posted: Dec. 14, 2021
  • Function: Product Engineering
  • Sector: Data

Are you ready to power the World’s connections?

If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates who are particularly strong in a few areas and have some interest and capabilities in others.

About the role:

The Senior GRC Analyst is responsible for the execution, facilitation, implementation, operation, and maintenance of Governance, Risk & Compliance efforts to support our Information Security and Compliance goals and objectives. The role will be heavily focused on evaluating and remediating information security controls, supporting audits for the company certification programs and acting as a compliance subject matter expert to the business.

A successful candidate for this role will be a strong communicator who excels at explaining complex compliance requirements to diverse audiences (across varying technical and business backgrounds) in a way that fosters understanding and ownership. Innovation, creativity and strategic thinking are key qualifications, as this role will assist business and technical partners in designing scalable, sustainable approaches to satisfying our regulatory requirements. The ability to build influence and evangelize for new initiatives among stakeholders in multiple organizations will be an essential driver for success, as will an unflappable demeanor and grace under pressure. This role will work with the business at all organizational layers, so it will be important to demonstrate flexibility in approach, communication style and depth of understanding.

What you’ll be doing:

  • Proactively identify gaps or conflicts in existing processes and work to develop solutions with internal business partners.
  • Manage ongoing remediation efforts for control deficiencies and gaps identified internally and externally.
  • Provide guidance to control owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.)
  • Assist with external third-party audits, regulatory compliance assessments, customer assessments, and due diligence security questionnaires.
  • Lead the third-party security risk management program.
  • Perform Internal Audit reviews with control owners to ensure compliance and adherence to security controls.
  • Partner with IT managed service provider to implement security hardening controls and ongoing audits.
  • Perform any additional tasks required by manager.

What you’ll bring:

  • 5-7 years of experience in managing and running audits, certification programs and control assessments, including but not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, and mapping issues to risks.
  • Strong knowledge of and experience in security risk management and with frameworks including related regulatory compliance requirements (e.g., SOC, SOX, HITRUST, NIST 800-53, FedRAMP, PCI DSS) required.
  • Strong knowledge of and experience in privacy framework and regulatory compliance requirements (e.g., GDPR, CCPA, LGPD) required.
  • Strong ability to define, drive and execute a program vision, strategy, approach and milestones in alignment with organization priorities and initiatives.
  • Passionate about policies, processes and documentation.

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

What is a Konger?

We are a group of makers, thinkers, and doers focused on helping today’s developers build tomorrow’s technology. Our teams work on the bleeding edge of API innovation to provide our users with a central nervous system for data and services.

We put design at the heart of everything we do, and we’re relentlessly focused on creating beautiful experiences for our customers. That’s why technology companies, major banks, e-commerce innovators, and government agencies put Kong in front of their most important web applications.

We believe in the power of Open Source and everything it stands for. That’s why developers around the world enthusiastically contribute on top of our open-source platform.

We are passionate about solving challenges that will fundamentally shape the future of technology, and we’re looking for the right people to join us on our mission. If you believe in taking ownership of your work, making an impact, and having fun along the way, we would love to talk to you.

Kong Core Values:

  • Be Inclusive. We work together from anywhere to achieve our common goals. Our differences make us stronger.
  • Be Authentic. We are genuine, principled and confident without arrogance. Show respect and kindness, especially in tough moments.
  • Be Relentlessly Resourceful. We work with purpose, obsession and grit. It takes muscle to do hard things, and doing hard things builds muscle.
  • Be Customer Obsessed. We care. Customers are everything; we put them at the center of everything we do. We are all empowered to make an impact.
  • Be Curious. We value ideas over hierarchy. Never accept the status quo. We make bold bets, fail, and learn every day. There is always a way.
  • Be an Owner.  We are drivers not passengers and own the quality and outcomes of our work.

About Kong:

Kong creates software and managed services that connect APIs and microservices natively across and within clouds, Kubernetes, data centers and more using intelligent automation. Built on an open source core, Kong’s service connectivity platform enables digital innovation by allowing organizations to reliably and securely manage the full lifecycle of APIs and services for modern architectures, including microservices, serverless and service mesh. By providing developer teams with unprecedented architectural freedom, Kong accelerates innovation cycles, increases productivity, and seamlessly bridges legacy and modern systems and applications. For more information about Kong, please visit konghq.com or follow @thekonginc on Twitter.