Cyderes

GRC Analyst

Cyderes  •  Bengaluru, IN (Hybrid)  •  8 days ago

Job Description

Who We Are
We help the world Be Everyday Ready
Today’s threatscape is relentless. So are we. At Cyderes, we specialize in building practical IAM, exposure management, and risk programs, and stopping active threats fast with MDR that works with your existing security tools — all augmented by AI and driven by seasoned operators. Our tireless global team is laser-focused on cybersecurity, arming organizations with the people, platforms, and perspectives they need to conquer whatever tomorrow throws their way.
🏆 Great Place to Work® Certified™ | United States · Canada · United Kingdom · India

About the Job:

Cyderes is seeking a GRC Analyst. The GRC Analyst will be responsible for day-to-day activities in implementing the information security and compliance program. The individual will assist in maintaining audit and compliance initiatives to ensure policies, standards, procedures, and audit activities are in alignment with business, IT, and regulatory requirements. The individual in this role is also expected to participate in and support various department activities, which may include quarterly user access reviews; the development and maintenance of information security policies, procedures, and standards; training and awareness activities; and reviewing and responding to security requirements and inquiries regarding existing or proposed solutions. The individual will perform internal and external security compliance monitoring activities, manage client audits, IT control audits, and security risk assessments.


To be successful in this role, you must be comfortable with evaluating, documenting, and creating remediation plans to meet compliance requirements in a fast-paced organization. Success will be measured by the effectiveness of the implementation and operation of the information security and compliance directives.

Responsibilities:

    • Coordinate IT security governance, risk and compliance activities across the enterprise
    • Oversee information security compliance activities, including daily, weekly, quarterly and/or annual security risk assessments – both performing internal assessments and responding to external assessments
    • Respond to requests for information on Cyderes’ security compliance from customers and partners; review and negotiate relevant agreements
    • Support efforts for compliance with SOC2, ISO 27001, NIST 800-53, and other security standards and regulatory frameworks
    • Conduct audit readiness assessments and coordinate with internal and external functions and audit resources
    • Support the implementation and administration of the Governance, Risk, and Compliance system (GRC)
    • Collaborate with other departments to direct security compliance issues to appropriate channels for investigation and resolutions
    • Revise and maintain security & controls policies and procedures in accordance with applicable regulations
    • Enable continuous compliance through continuous testing of security & privacy controls
    • Identify and provide recommendations for technology, licensing, and/or process updates to improve Cyderes’ overall security posture
    • Develop and provide reports to keep management informed of the operation and progress of compliance efforts

Requirements

  • Minimum 3 years in a GRC role with at least 1 full year of hands-on administration of a GRC automation tool (Vanta, Drata, Sprinto, etc.). Vanta is preferred.
  • Experience in design and implementation of information security policies and controls
  • Experience participating in external security audits; SOC2 Type II preferred
  • Experience conducting needs assessments and identifying/implementing appropriate solutions
  • Strong knowledge of security technologies and architecture, including encryption, cloud network security design, security group configuration, intrusion detection, data loss prevention and application security
  • Ability to take initiative and be proactive
  • Ability to work independently and be resourceful
  • Complex problem-solving and analytical skills
  • Excellent communication skills, both verbal and written; ability to condense complex information into simple language for the appropriate audience
  • CISSP, CISM, CISA certifications preferred
  • Analyst A (The Internal Builder): Focuses on Vanta, SOC2/ISO mapping, and internal engineering/DevOps alignment.
  • Evidence Collection: Proven track record of translating abstract SOC2 criteria into technical screenshots, logs, or API outputs.
  • Proven track record of translating abstract SOC2 Common Criteria or ISO 27001 clauses into actionable technical controls.
  • Analyst B (The External/Risk Specialist): Focuses on Third-Party Risk, Customer Questionnaires/Trust Center, and Privacy (GDPR/CCPA).
  • High proficiency in interpreting SOC2/ISO reports and Data Processing Agreements (DPAs)
  • Advanced Third-Party Risk (TPRM) Analysis: Minimum 3 years of hands-on experience evaluating SaaS vendors, with the proven ability to dissect SOC2 Type II, ISO 27001, and Penetration Test reports.
  • Vanta Trust Center & Questionnaire Automation: Proficiency in managing Vanta’s Trust Center and Vendor Risk modules.
  • Privacy & Data Protection Liaison: Practical experience navigating Data Processing Agreements (DPAs) and mapping vendor risks to privacy frameworks like GDPR, CCPA, or HIPAA.

WHY CYDERES?

Benefits that go beyond the basics: we support our people so they can do their best work.

✔ Medical Insurance - Employee + dependents covered

✔ Life Insurance - Protection for what matters most

✔ Retirement Match Program - We invest in your future

✔ Hybrid Work Model - 2–3 days in office

✔ Maternity & Paternity Leave - Time for the moments that matter

✔ Paid Time Off - PTO + sick & casual leave

✔ Bereavement & Volunteer Time - Give back to your community

✔ Professional Development - Reimbursement program

✔ LinkedIn L&D Platform - Thousands of courses at your fingertips

✔ Mobile Phone Reimbursement - Stay connected, on us


Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.


About Cyderes

At Cyderes, we help the world Be Everyday Ready™

Our tireless global team specializes in building practical IAM, exposure management, and risk programs, and stopping active threats fast with MDR that works with your existing security tools — all augmented by AI and driven by seasoned operators. We are laser-focused on cybersecurity, arming organizations with the people, platforms, and perspectives they need to conquer whatever tomorrow throws their way.

Industry
IT & Software
Company Size
501-1,000 employees
Headquarters
Kansas City, MO