Who We Are
We help the world Be Everyday Ready™
Today’s threatscape is relentless. So are we. At Cyderes, we specialize in building practical IAM, exposure management, and risk programs, and stopping active threats fast with MDR that works with your existing security tools — all augmented by AI and driven by seasoned operators. Our tireless global team is laser-focused on cybersecurity, arming organizations with the people, platforms, and perspectives they need to conquer whatever tomorrow throws their way.
🏆 Great Place to Work® Certified™ | United States · Canada · United Kingdom · India
About the Job:
Cyderes is seeking an GRC Analyst. The GRC Analyst will be responsible for day-to-day activities in implementing the information security and compliance program. The individual will assist in maintaining audit and compliance initiatives to ensure policies, standards, procedures, and audit activities are in alignment with business, IT, and regulatory requirements. The individual in this role is also expected to participate in and support various department activities which may include quarterly user access reviews, the development and maintenance of information security policies, procedures, and standards; training, and awareness activities; review and respond to security requirements and inquiries regarding existing or proposed solutions. The individual will perform internal and external security compliance monitoring activities, manage client audits, IT control audits, and security risk assessments.
To be successful in this role, you must be comfortable with evaluating, documenting, and creating remediation plans to meet compliance requirements in a fast-paced organization. Success will be measured by the effectiveness of the implementation and operation of the information security and compliance directives.
### Responsibilities:
Coordinate IT security governance, risk and compliance activities across the enterprise
Oversee information security compliance activities, including daily, weekly, quarterly and/or annual security risk assessments – both performing internal assessments and responding to external assessments
Respond to request for information on Cyderes' security compliance from customers and partners, review and negotiate relevant agreements
Support efforts for compliance with SOC2, ISO 27001, NIST 800-53, and other security standards and regulatory frameworks
Conduct audit readiness assessments and coordinate with internal and external functions and audit resources
Support the implementation and administration of the Governance, Risk, and Compliance system (GRC)
Collaborate with other departments to direct security compliance issues to appropriate channels for investigation and resolutions
Revise and maintain security & controls policies and procedures in accordance with applicable regulations
Enable Continuous Compliance through Continuous testing of security & privacy controls
Identify and provide recommendations for technology, licensing, and/or process updates to improve Cyderes overall security posture
Develop and provide reports to keep management informed of the operation and progress of compliance efforts
### Requirements
Minimum 3 years in a GRC role with at least 1 full year of hands-on administration of a GRC automation tool (Vanta, Drata, or Sprinto etc.). Vanta is preferred.
Experience in design and implementation of information security policies and controls
Experience participating in external security audits; SOC2 Type II preferred
Experience conducting needs assessments and identifying/implementing appropriate solutions
Strong knowledge of security technologies and architecture, including encryption, cloud network security design, security group configuration, intrusion detection, data loss prevention and application security
Ability to take initiative and be proactive
Ability to work independently and be resourceful
Complex problem-solving and analytical skills
Excellent communication skills, both verbal and written; ability to condense complex information into simple language for the appropriate audience
CISSP, CISM, CISA certifications preferred
Analyst A (The Internal Builder): Focuses on Vanta, SOC2/ISO mapping, and internal engineering/DevOps alignment.)
Evidence Collection: Proven track record of translating abstract SOC2 criteria into technical screenshots, logs, or API outputs.
Proven track record of translating abstract SOC2 Common Criteria or ISO 27001 clauses into actionable technical controls.
WHY CYDERES?
Benefits that go beyond the basics, we support our people so they can do their best work.
✔ Medical Insurance - Employee + dependents covered
✔ Life Insurance - Protection for what matters most
✔ Retirement Match Program - We invest in your future
✔ Hybrid Work Model - 2–3 days in office
✔ Maternity & Paternity Leave - Time for the moments that matter
✔ Paid Time Off - PTO + sick & casual leave
✔ Bereavement & Volunteer Time - Give back to your community
✔ Professional Development - Reimbursement program
✔ LinkedIn L&D Platform - Thousands of courses at your fingertips
✔ Mobile Phone Reimbursement - Stay connected, on us
Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.