GRC Analyst - Cybersecurity
At Braze, we have found our people. We’re a genuinely approachable, exceptionally kind, and intensely passionate crew.
We seek to ignite that passion by setting high standards, championing teamwork, and creating work-life harmony as we collectively navigate rapid growth on a global scale while striving for greater equity and opportunity – inside and outside our organization.
To flourish here, you must be prepared to set a high bar for yourself and those around you. There is always a way to contribute: Acting with autonomy, having accountability and being open to new perspectives are essential to our continued success. Our deep curiosity to learn and our eagerness to share diverse passions with others gives us balance and injects a one-of-a-kind vibrancy into our culture.
If you are driven to solve exhilarating challenges and have a bias toward action in the face of change, you will be empowered to make a real impact here, with a sharp and passionate team at your back. If Braze sounds like a place where you can thrive, we can’t wait to meet you.
WHAT WE'RE LOOKING FOR
We're seeking an English speaking Security Analyst to join our São Paulo based Security Engineering team to help Braze achieve and maintain authorization and certifications that enable us to be competitive. The GRC team is responsible for audit readiness and risk mitigation across the organization. You will be helping build internal and external compliance programs and will be exposed to a wide range of security controls protecting endpoint infrastructure, modern cloud-based containerized application deployments, and Web applications/API’s. You will work directly on the Security Engineering team, a technical team which will expose you to technical concepts, and the ability to have questions answered/evidence procured easily. In addition to helping guide the organization through compliance and risk frameworks, you will be a customer-facing advocate for the Braze security program, interacting with internal pre and post-sales teams to meet client expectations for compliance, technical controls, policy, and governance.
WHAT YOU'LL DO
- Evaluate security controls on new and existing systems, processes, and technology to ensure the adequacy and the effectiveness and provide value-added recommendations.
- Collaborate with cross-functional teams to gather evidence in support of internal and external audits such as ISO27001, SOC 2, HIPAA, and other compliance frameworks.
- Conduct vendor security reviews prior to onboarding with our Whistic software solution.
- Collaborate to define Information Security requirements and develop/update policies and standards
- Work with internal pre- and post-sales teams, as well as the Legal and Privacy team, to meet client expectations for compliance, technical controls, policy, and governance.
- Work with security engineers to implement the enterprise-wide strategy and key initiatives focused on the reduction of technology risk.
WHO YOU ARE
- You have at least 2-3 years of formalized experience in compliance or risk in the context of the tech industry.
- You are familiar with ISO 27001, SOC 2, NIST and other Security frameworks.
- You are able to write policies and procedures that satisfy customer and internal requirements.
- You know how to conduct risk assessments and manage risk across multiple teams and assets.
- You enjoy evangelizing about security and risk to anyone who will listen, be it Braze employees, Braze customers, or contractors.
- You have a background in threat modeling.
WHAT WE OFFER
- Competitive compensation that may include equity
- Retirement and Employee Stock Purchase Plans
- Flexible paid time off
- Comprehensive benefit plans covering medical, dental, vision, life, and disability
- Family services that include fertility benefits and equal paid parental leave
- Professional development supported by formal career pathing, learning platforms, and tuition reimbursement
- Community engagement opportunities throughout the year, including an annual company wide Volunteerism Week
- Employee Resource Groups that provide supportive communities within Braze
- Collaborative, transparent, and fun culture recognized as a Great Place to Work®
Details of these benefit plans will be provided if a candidate receives an offer of employment. Benefits may vary by location.
Braze (Nasdaq: BRZE) is a leading comprehensive customer engagement platform that powers interactions between consumers and brands they love. With Braze, global brands can ingest and process customer data in real time, orchestrate and optimize contextually relevant, cross-channel marketing campaigns and continuously evolve their customer engagement strategies.
Braze is proudly certified as a Great Place to Work® in the U.S., the UK and Singapore. We ranked #1 on Great Place to Work UK’s 2023 Best Workplaces (Medium), #3 on Great Place to Work UK’s 2023 Best Workplaces for Wellbeing (Medium), #4 on Great Place to Work’s 2023 Best Workplaces in Europe (Medium), #5 on Fortune’s 2022 Best Workplaces for Millennials in the US, #10 on Great Place to Work UK’s 2023 Best Workplaces for Women (Large), #19 on Fortune’s 2023 Best Workplaces in New York (Large), and were named as a Top Achiever on Great Place to Work UK’s 2023 Best Workplaces in Tech.
You’ll find many of us at headquarters in New York City or around the world in Austin, Berlin, Chicago, Jakarta, London, Paris, San Francisco, Singapore, Sydney and Tokyo – not to mention our employees in nearly 50 remote locations.