GRC Analyst

Who are we?

Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders.

We are honored to serve more than 1,800 customers, including 40 percent of all Fortune 100 companies, including Siemens, Airbus, Salesforce, Stellantis, Adidas, Walmart, and Sanofi.

What are we looking for?

GRC Analyst

How will you make an impact?

• Risk Management & Assessments:
• Identify, assess, and prioritize organizational risks.
• Conduct comprehensive VRM assessments to evaluate third-party risks.
• Develop and implement risk mitigation strategies and monitor remediation progress.
• Perform risk assessments and maintain updated risk registers and reports.
• Compliance & Audits:
• Ensure compliance with relevant laws, regulations, and standards (e.g., SOC 2, ISO 27001, NIST, GDPR).
• Support internal and external audits, including evidence collection, documentation preparation, and stakeholder coordination.
• Maintain and update compliance with documentation, policies, and procedures.
• Assist in developing, reviewing, and maintaining governance frameworks, controls, and policies.
• Promote a culture of security, compliance, and risk awareness.
• Collaboration & Program Improvement:
• Collaborate with cross-functional teams, including Legal, Procurement, R&D, and IT, to address GRC-related matters.
• Assist in the continuous improvement of GRC programs and initiatives.
• Develop and deliver training and awareness sessions to enhance employee understanding of governance, risk, and compliance practices.

What is needed to succeed?

• 2+ years of experience in GRC, risk management, or similar roles.
• Bachelor’s degree in computer science, information security, cybersecurity, risk management, or related fields.
• Familiarity with VRM processes, SOC 2 Type 2, and ISO 27001 audits.
• Working knowledge of privacy regulations and information security frameworks (e.g., NIST, CIS, ISO 27001, GDPR).
• Strong analytical thinking, attention to detail, and problem-solving abilities.
• Excellent written and verbal communication skills in English.
• Ability to manage multiple tasks, prioritize effectively, and work independently and collaboratively with various stakeholders.
• One or more of the following certificates (highly desirable): CISSP, CRISC, CISA, CISM, CGRC.