Senior Security Governance, Risk, and Compliance Analyst

Senior Security GRC Analyst

About the team:

The Information Security (InfoSec) organisation advances the overall state of security at Rubrik through critical initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties in order to securely protect Rubrik information.

About the role:

We are looking for a Compliance Analyst to streamline and automate our security compliance engine. In this role, you will be the engine behind our regulatory adherence and internal control environments. You won't just check boxes; you’ll build scalable evidence collection processes, manage internal assessments, and partner with engineering teams to close security gaps. You will focus on the execution and continuous monitoring of our security compliance framework, ensuring we remain audit-ready across multiple standards (such as SOC2, ISO 27001, or HIPAA).

What you’ll do:

• Framework Management: Maintain global compliance certifications, including ISO 27001, SOC2, BSI C5, Cyber Essentials, DESC, and evolving data privacy standards.
• Audit Coordination: Serve as the primary liaison for internal and external audits; manage timelines, evidence collection, and communication between process owners and auditing bodies.
• Strategic Partnership: Partner with cross-functional teams (risk, governance, sec-ops, etc.) to identify control gaps, prioritise remediation efforts, and implement scalable solutions that reduce organisational risk
• Evidence Lifecycle Management: Systematise the collection and retention of audit evidence to ensure the organisation is audit-ready at all times without disrupting daily operations..
• Continuous Monitoring: Experience in conducting a common controls framework, which shall be required to assess control effectiveness and evidence to support in defining security posture and compliance
• Standard Simplification: Deconstruct complex regulatory requirements and technical standards into clear, actionable and operational requirements.
• Stakeholder Communication: Act as a subject matter expert, providing transparent and persuasive updates on the health of the compliance program to leadership and internal teams.
• Compliance Advocacy: Design and deliver targeted training sessions to help process owners understand their role within the Rubrik controls framework and the "why" behind security requirements.
• Support Risk Management: Support risk assessments to identify, document, and track the remediation of information security threats.
• Governance: Support to develop and update the information security policy framework to ensure alignment between business objectives and regulatory requirements.
• Third-Party Risk: Support the supplier security process to conduct ongoing monitoring of vendors to ensure third-party services do not compromise the organisation’s security posture.

Experience you’ll need:

• 5+ years of experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry
• Proven track record of driving security and operational risk processes within a modern risk oversight function
• Advanced knowledge of risk quantification principles and experience implementing FAIR-like approaches
• Strong understanding of common security risks, vulnerabilities, and threats
• Expertise in relevant information security frameworks (ISO 27001/2, FedRAMP, SOC 2, CIS Top 20, PCI DSS, NIST CSF, HIPAA)
• Proficiency in audit and risk management methodologies (SOX, COBIT, NIST RMF)
• Hands-on experience with data analytics and BI tools (e.g., Power BI) and agile project management tools (e.g., Jira)
• Executive presence with the ability to represent a vision and build consensus across diverse partners
• Detail-oriented and able to understand the bigger picture by using your technical expertise and problem-solving abilities to prioritise and manage blocking issues.
• Ability to ramp up quickly and learn new technologies with minimal lag time.
• Able to discuss issues at technical and business levels with audiences of various backgrounds.
• Bachelor's degree in Security, Computer Science, or related field; Master's degree preferred
• Professional certifications such as CISA, CISM, CRISC, CGEIT, or CISSP
• Experience in high-growth SaaS and data management industries is a plus
• 5+ years of experience in Information Technology, Information Security, Information Security Compliance and/or Auditing
• Executive presence with the ability to represent a vision and build consensus across diverse partners
• Familiarity with security and privacy standards such as ISO 27001, SOC2, HIPAA, HI-TRUST, BSI C5, Cyber Essentials, DESC, EU-US Privacy Shield, etc.
• Detail-oriented and able to understand the bigger picture by using your technical expertise and problem-solving abilities to prioritise and manage blocking issues.
• Ability to ramp up quickly and learn new technologies with minimal lag time.
• Able to discuss issues at technical and business levels with audiences of various backgrounds.
• Ability to manage multiple projects and deliver quality work to deadlines
• Demonstrated experience in the development and management of a comprehensive compliance program that balances risk and the needs and goals of the business
• Excellent interpersonal, verbal, and written communication skills with the ability to communicate compliance-related concepts to a broad range of technical and non-technical staff
• Demonstrated success working with internal audit, external auditors, outside consultants, and outside counsel
• Bachelor's degree in Security, Computer Science, or related field; Master's degree preferred
• Professional certifications such as CISA, CISM, CRISC, CGEIT, or CISSP
• Experience in high-growth SaaS and data management industries is a plus
• Strong technical foundation to be able to develop Rubrik compliance best practices based on compliance requirements and Rubrik systems and processes.

Join Us in Securing and Accelerating the World's AI Transformation

Rubrik (RBRK), the Security and AI Operations Company, leads at the intersection of data protection, cyber resilience, and enterprise AI acceleration. Rubrik Security Cloud delivers complete cyber resilience by securing, monitoring, and recovering data, identities, and workloads across clouds. Rubrik Agent Cloud accelerates trusted AI agent deployments at scale by monitoring and auditing agentic actions, enforcing real-time guardrails, fine-tuning for accuracy and undoing agentic mistakes. 

Linkedin | X (formerly Twitter) | Instagram | Rubrik.com

Inclusion @ Rubrik

At Rubrik, we are dedicated to fostering a culture where people from all backgrounds are valued, feel they belong, and believe they can succeed. Our commitment to inclusion is at the heart of our mission to secure the world’s data.

Our goal is to hire and promote the best talent, regardless of background. We continually review our hiring practices to ensure fairness and strive to create an environment where every employee has equal access to opportunities for growth and excellence. We believe in empowering everyone to bring their authentic selves to work and achieve their fullest potential.

Our inclusion strategy focuses on three core areas of our business and culture:

• Our Company: We are committed to building a merit-based organization that offers equal access to growth and success for all employees globally. Your potential is limitless here.

• Our Culture: We strive to create an inclusive atmosphere where individuals from all backgrounds feel a strong sense of belonging, can thrive, and do their best work. Your contributions help us innovate and break boundaries.

• Our Communities: We are dedicated to expanding our engagement with the communities we operate in, creating opportunities for underrepresented talent and driving greater innovation for our clients. Your impact extends beyond Rubrik, contributing to safer and stronger communities.

Equal Opportunity Employer/Veterans/Disabled

Rubrik is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. 

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact us at hr@rubrik.com if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

EEO IS THE LAW

NOTIFICATION OF EMPLOYEE RIGHTS UNDER FEDERAL LABOR LAWS

Experience Level

Senior Level