GRC Analyst

Who are we

Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it's not just about finding risk but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders.

We are honored to serve more than 1,800 customers, including 40 percent of all Fortune 100 companies, including Siemens, Airbus, Salesforce, Stellantis, Adidas, Walmart, and Sanofi.

What are we looking for

We are seeking a proactive and detail-oriented GRC Analyst to join our Information Security team. In this role, you will support and enhance the organization's Governance, Risk, and Compliance programs by conducting Vendor Risk Management (VRM) assessments, performing risk evaluations, and supporting internal and external audits, including SOC 2 Type 2 and ISO 27001. You will ensure alignment with industry standards such as NIST and ISO, enhance our security posture, and promote a culture of compliance and risk awareness across Checkmarx.

How will you make an impact

• Risk Management & Assessments:
• Identify, assess, and prioritize organizational risks.
• Conduct comprehensive VRM assessments to evaluate third-party risks.
• Develop and implement risk mitigation strategies and monitor remediation progress.
• Perform risk assessments and maintain updated risk registers and reports.
• Compliance & Audits:
• Ensure compliance with relevant laws, regulations, and standards (e.g., SOC 2, ISO 27001, NIST, GDPR).
• Support internal and external audits, including evidence collection, documentation preparation, and stakeholder coordination.
• Maintain and update compliance with documentation, policies, and procedures.
• Assist in developing, reviewing, and maintaining governance frameworks, controls, and policies.
• Promote a culture of security, compliance, and risk awareness.
• Collaboration & Program Improvement:
• Collaborate with cross-functional teams, including Legal, Procurement, R&D, and IT, to address GRC-related matters.
• Assist in the continuous improvement of GRC programs and initiatives.
• Develop and deliver training and awareness sessions to enhance employee understanding of governance, risk, and compliance practices.

What is needed to succeed

• 2+ years of experience in GRC, risk management, or similar roles.
• Bachelor's degree in computer science, information security, cybersecurity, risk management, or related fields.
• Familiarity with VRM processes, SOC 2 Type 2, and ISO 27001 audits.
• Working knowledge of privacy regulations and information security frameworks (e.g., NIST, CIS, ISO 27001, GDPR).
• Strong analytical thinking, attention to detail, and problem-solving abilities.
• Excellent written and verbal communication skills in English.
• Ability to manage multiple tasks, prioritize effectively, and work independently and collaboratively with various stakeholders.
• One or more of the following certificates (highly desirable): CISSP, CRISC, CISA, CISM, CGRC.