Security Analyst (GRC Specialist)

Posted 2 Days Ago
2 Locations
Hybrid
60K-80K Annually
Senior level
Software
The Role
The Security Analyst (GRC Specialist) at Pigment is responsible for leading the governance, risk, and compliance initiatives to protect customer data. This role involves implementing security roadmaps, establishing security policies, overseeing vulnerability remediation, managing compliance certifications, and advocating for security awareness across teams.
Summary Generated by Built In

Our Story So Far


Since our founding in 2019, Pigment has become one of the fastest-growing SaaS companies in the world today. Our product, a highly efficient Enterprise Performance Management (EPM) platform, is helping companies achieve their financial goals by quickly responding to dynamic factors in their respective markets including Tech, Retail, CPG & Financial Services. 


In less than 5 years, Pigment has grown to over 450 employees across offices in New York, Toronto, London & Paris and attracted a total of $393M in investment from some of the top Venture Capital firms globally.

We serve companies including Unilever, Deliveroo, Gong and Brex to name a few!


We are looking for a Governance, Risk and Compliance specialist, whose core focus will be to protect our customers' and compliance data.

Key Responsibilities

  • Strategic Leadership

  • Under the coordination of the CISO, participate in the definition of a multi-year, risk-driven security roadmap, and design policies, processes and guidance documents driving its implementation.

  • Implement the security roadmap, either autonomously or with support from other engineering teams, either in a delivery or project management capacity, depending on the project’s technical requirements.

  • Establish and implement company-wide security policies and procedures covering internal IT, production platforms, facilities, and more.

  • Improve and maintain the risk analysis and its mitigation plan

  • Design and implement a comprehensive reporting framework of security indicators

  • Operational Excellence

  • Drive implementation of the security roadmap, leading initiatives and coordinating with engineering teams or other relevant stakeholders (legal, HR, support, customer experience).

  • Oversee vulnerability remediation, including triage, prioritization, and mitigation follow-up.

  • Oversee vendor security assessments, ensure alignment with compliance requirements, and deliver security approvals in the procurement process.

  • Participate in the asset management program (contractors, accounts, datasets, etc.) 

  • Compliance Management

  • Lead certification renewals for SOC 1 and SOC 2, and contribute to the acquisition of new certifications (e.g., ISO 27001, ISO 27701).

  • Lead planning and execution of compliance audit programs conducted both internally and externally.

  • Maintain and enhance compliance programs, collaborating cross-functionally to ensure adherence.

  • Coordinate with the Sales and Legal teams to understand the legislative landscape and market requirements in terms of compliance.

  • Advocacy and Training

  • Design and implement security awareness training programs and champion best practices across teams (onboarding training, awareness training, phishing simulations, developer trainings)

Experience & Expertise

  • At least 5 years of experience in governance and compliance topics, either as a Security Engineer, Security Project Manager, or compliance officer (of course, you can be way more experienced!)

  • Extensive knowledge and experience with the ISO27000 series standard: implementation experience in obtaining and maintaining is a plus

  • Solid technical background in security engineering

  • Great team spirit with a problem-solving, can-do attitude.

  • Good dose of humility and the willingness to grow (no matter your seniority!).

  • Fluent in English (French is not mandatory!).

Environment

  • The scope of this role includes both the production environment and internal IT
  • Sites in Paris, London, Toronto and NYC 
  • macOS, Windows, Linux
  • GCP, Kubernetes, Terraform, Postgres, SingleStore, Vault
  • Okta, OAuth, JWT, C#, .NET Core, TypeScript, React
  • Vanta (GRC), Riot (awareness), Google Workspace (office), JumpCloud (MDM and SSO), HiBob (HRIS), Slack (IM), GitHub (VCS), CircleCI / ArgoCD (CI/CD), HackerOne (Bug Bounty program), Datadog (SIEM), 1Password (password manager)

Pigment is an equal opportunity employer. We believe diversity is a strength and fosters innovation. We are committed to enabling everyone to feel included and valued at the workplace. All qualified applicants will receive consideration for employment without regard to age, color, family, gender identity, marital status, national origin, physical or mental disability, sex (including pregnancy), sexual orientation, social origin, or any other characteristic protected by applicable laws. We may process your personal data in accordance with our HR Data Protection Notice.

The Company
HQ: Paris
187 Employees
On-site Workplace
Year Founded: 2019

What We Do

In a world moving at an incredibly fast pace, businesses have grown accustomed to change. Transforming their business model, pivoting their strategy, rethinking their go-to-market, the list goes on.

To enable these changes, they have also had to rethink the way they work.
Breaking down silos isn’t a best practice anymore. It’s a given.

And yet, when it comes to planning, little has changed. In fact, planning tools work the exact opposite way, reinforcing data and people silos, and preventing teams from working together toward their common goals.

As a result, planning is usually seen as a dreadful process.
But the truth is, planning drives strategy. It’s high time we serve it with the right tools.

Pigment is the business planning platform for fast-growing companies. Our mission is to help companies make better, faster decisions in a changing world, and drive revenue growth.
At Pigment we believe that:

✅ Real-time data informs better outcomes. Trim your sail, and make the best use of current winds.

✅ Reporting should be accurate, quick, and insightful.

✅ Planning should be simple, smooth, and delightful.

✅ Less time should be spent on data crunching, more time on bringing insights to the business.

✅ Collaboration should be at the heart of any planning process, so your organization works as one.

Book your demo today: https://www.gopigment.com/contact

We’re hiring! Check out our offers: https://jobs.lever.co/pigment
