Illumio is the leader in ransomware and breach containment, redefining how organizations contain cyberattacks and enable operational resilience. Powered by the Illumio AI Security Graph, our breach containment platform identifies and contains threats across hybrid multi-cloud environments – stopping the spread of attacks before they become disasters.
Recognized as a Leader in the Forrester Wave™ for Microsegmentation, Illumio enables Zero Trust, strengthening cyber resilience for the infrastructure, systems, and organizations that keep the world running.
The Office of the CTO and Security team sets the strategic technical direction of the company while keeping both Illumio and our customers secure. Those who join us represent the leader in Zero Trust Segmentation and maintain Illumio’s competitive advantage by exploring new technologies while collaborating with Engineering and Product Management. We are looking for people who leverage differences and push the pace of innovation in a time when the world faces its greatest cybersecurity threats in history.
As a Senior GRC Analyst, you will be responsible for assisting us with developing, managing, and ensuring compliance with relevant regulatory requirements and standards. You will also work closely with cross-functional teams to lead compliance initiatives, monitor and manage risks, and support internal and external audits. This role requires a strategic thinker with a hands-on approach, experience in risk management frameworks, and a commitment to continuous improvement in a rapidly evolving field.
Lead and manage SOC 2 Type 2, ISO 27001, and PCI audit preparation and execution processes, ensuring alignment with regulatory standards.
Develop, implement, and maintain GRC programs, policies, and procedures that adhere to relevant standards and best practices.
Collaborate with stakeholders to define control objectives, identify risks, and implement remediation actions.
Conduct gap assessments and manage risk assessments to identify potential compliance and security risks.
Provide guidance on regulatory requirements and support initiatives to achieve and maintain compliance.
Work with external auditors and coordinate audit activities to ensure successful audit outcomes.
Stay up-to-date on regulatory changes, industry standards, and best practices to continuously improve the GRC program.
Occasionally participate in customer responses on an as-needed basis, if time permits.
Assist with on-call rotation to monitor the Security ticket queue. Hours are typically 9:00am to 7:00pm with best effort on Saturday and Sunday. (Approximately a 12-week rotation)
Education: Bachelor’s Degree in Information Systems Management, Accounting, or a related field, or Master's Degree in a relevant field.
Certifications: At least one of the following certifications: CISSP, CISA, CISM, CRISC, or similar certifications relevant to GRC and compliance.
Experience: Minimum of 8+ years of experience in GRC or Compliance, with hands-on experience managing SOC 2 Type 2, ISO 27001, 27701, and PCI audits.
Deep understanding of risk management, governance, and compliance frameworks.
Proficiency in control frameworks such as COSO, COBIT, and NIST.
Strong project management skills with a detail-oriented approach.
Excellent written and verbal communication skills, with the ability to articulate compliance issues to key stakeholders.
Experience with other compliance frameworks or certifications (e.g., GDPR, HIPAA) is a plus
Experience using GRC tools and software is a plus
Illumio believes that an environment of unique backgrounds, experiences, viewpoints, and individual contributions drives our success and makes us stronger together. We are dedicated to creating and maintaining a diverse culture and emphasizing inclusion and belonging.
All official job offers from our company are extended directly by our recruitment team and will be sent through an official E-Signature document for your review and signature. Please be aware that we do not ask for any personal information in the process of extending offers of employment, such as financial details or social security numbers. Upon acceptance of any offer, we will request such information as part of the onboarding process prior to or on your first day of employment, and only after completing a background check through an authorized third-party vendor. If you receive any communication asking for personal details outside of these processes, please contact us immediately to verify the authenticity of the request. Your security is important to us, and we are committed to a safe and transparent hiring experience.
For roles in San Francisco and Los Angeles: Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Illumio will consider for employment qualified applicants with arrest and conviction records.
Illumio is an American business data center and cloud computing security company founded in 2013 by Andrew Rubin and P. J. Kirner. It was ranked #25 in the Forbes Cloud 100 list in 2019.