SHOULD YOU ACCEPT THIS CHALLENGE...
Are you ready to be the hero behind the scenes, tackling high-stakes security challenges like Ethan Hunt in "Mission: Impossible"? Join our dynamic Governance, Risk, and Compliance (GRC) team within Pure Security Office, where you'll be at the forefront of safeguarding our digital assets and ensuring robust risk management practices. You will be an expert on our digital fortress, identifying and addressing risks to strike an optimal balance between business outcomes and risk mitigation. If you are passionate about risk management and understand its fundamental role in key business decisions, then this is the perfect role for you!
Overview
We are seeking a detail-oriented Security Analyst specializing in Governance, Risk, and Compliance (GRC) with a strong focus on Risk Management. The ideal candidate will be responsible for identifying, assessing, and mitigating risks to ensure the security and compliance of our organization's information systems. This role requires a deep understanding of risk management frameworks, security policies, and compliance standards to protect our digital assets and support our business objectives.
What You'll Do
Collaborate with cross-functional Infrastructure, Engineering, Business and Security teams to identify potential security risks to information systems and data
Educate, influence and work with technology and platform owners to implement necessary controls and best practices related to identified risks
Develop and implement risk management strategies and processes
Maintain the cybersecurity risk register
Conduct regular risk assessments
Process security exceptions while assessing risks
Monitor and report on the effectiveness of risk management initiatives
Appropriately assess risk when business and technical decisions are made, demonstrating a risk management mindset
Requirements
General Experience
5+ years of proven experience in a GRC or Risk Management role, in both on-prem and cloud environments at a technology company
Knowledge of security best practices (e.g., least privilege, zero trust model)
Hands-on working knowledge of GRC tools (e.g., ServiceNow, ZenGRC)
Cybersecurity certifications (e.g., CISSP, CISM, CISA) are a plus
Technical Skills
Strong knowledge of risk management frameworks (e.g., NIST, ISO 31000) and compliance standards (e.g., ISO 27001, SOC 2)
Basic to intermediate understanding of secure software development practices
Expertise with risk identification in solution architecture and design
Strong working knowledge of building risk reports for senior management
Soft Skills
Analytical Thinking: Skill in analyzing problems, identifying root causes, and providing solutions
Project Management: Experience managing project timelines, resources, and stakeholders
Collaboration: Ability to work well with cross-functional teams, including Engineering, IT operations, Security, and Compliance teams
You will be based in Santa Clara. As this is an office-centric role, you are expected to be present in the office for 3 days a week. As outlined in Pure's Hybrid Work Policy, there will be variations over periods of time, depending on business need.
Pay Range: $130,000.00 - $196,000.00
Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations.
This role may be eligible for incentive pay and/or equity.
And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events - check out purebenefits.com for more information.
There is no application deadline and we accept applications on an ongoing basis until the job is filled.