About Us
Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster.
At Diligent, were building the future with people who think boldly and move fast. Whether youre designing systems that leverage large language models or part of a team reimaging workflows with AI, youll help us unlock entirely new ways of working and thinking. Curiosity is in our DNA, we look for individuals willing to ask the big questions and experiment fearlessly - those who embrace change not as a challenge, but as an opportunity. The future belongs to those who keep learning, and we are building it together. At Diligent, you re not just building the future - you re an agent of positive change, joining a global community on a mission to make an impact.
Learn more at diligent.com or follow us on LinkedIn and Facebook
Position Overview:
As a Senior Staff Security Analyst, you will be a key member of the Security GRC team that identifies, tracks, monitors and advises on security compliance risk. You will assess the organization s security control structure, including the governance processes, risk management, secure development, and operational security framework. In addition, you will support internal and external audits of the environment to provide assurance reports to management stakeholders and customers.
You will have a range of tools for delivery and automation at your disposal and will engage with groups across Security, Engineering, Technology. You will also be expected to make recommendations for process improvement and leverage programming and analytical skills to design automation solutions. You will be expected to independently manage projects and business processes for the group.
Key Responsibilities
- Perform control assessments for design and effectiveness and assess cyber risk
- Identify, review, assess, and recommend treatment options for control failures
- Build production ready analytical tools to automate repeatable and reusable processes
- Communicate risk and control objectives to business stakeholders
- Develop treatment plans with controls owners to mitigate risks and meet compliance needs
- Design and implement automated control monitoring and evidence collection processes
- Identify areas for program improvement or automation
- Provide mentorship or guidance to junior team members
- Manage projects and business processes for risk management across product and corporate environments
Required Experience/Skills
- 5+ years of experience of GRC and/or cyber risk management
- Excellent written and communication skills
- Proficiency in programming languages, such as Python, Javascript, or shell for automating assessments and repeated tasks
- Strong critical thinking and problem-solving abilities
- Ability to operate with a high degree of independence
- Demonstrable experience assessing technical controls for cloud/SaaS environments such as AWS
- Expertise with NIST Cyber Security Framework, SOC 2, and ISO 27001.
Preferred Experience/Skills
- Working knowledge of secure software development lifecycles, AWS (Amazon Web Services), infrastructure security, and/or security audit
- Understanding of security control frameworks such as SOC 2, NIST (National Institute of Standards and Technology), or ISO and control harminization
- BS/BA in Computer Science, Information Technology, or a related field; professional certification (e.g., CompTIA Security+, CISSP) is a plus
- AWS Certified Cloud Practitioner or equivalent is a plus
