JOB DETAILS

GRC Analyst

Company: Checkmarx
Location: Pune
Work Mode: On Site
Posted: March 22, 2026
About The Company
Checkmarx helps the world’s largest enterprises get ahead of application risk without slowing down development. We end the guesswork by identifying the most critical issues to fix and give AppSec the tools they need, all while letting developers work the way they want. From DevSecOps to developer experience, security and development teams can now work better together. That’s why 1700+ customers rely on Checkmarx to scan over 1 trillion lines of code annually, improve developer productivity by 50%, and deliver 2X AppSec ROI. Checkmarx. Always Ready To Run.
About the Role

Who are we?

Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it's not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies including Siemens, Airbus, SalesForce, Stellantis, Adidas, Wal-Mart and Sanofi.

What are we looking for?

We are looking for a proactive and analytical GRC Analyst to join our CISO team. In this role, you will advance our risk management program by identifying, assessing, monitoring, and reporting organizational risks across technology, product, operational, and third-party domains.

The analyst will collaborate with cross-functional stakeholders to ensure effective risk mitigation strategies, strong governance practices, and alignment with regulatory and industry standards. This role also includes translating technical and operational risks into business impact to support informed decision-making by senior leadership. You will support internal and external audits (SOC 2 Type II, ISO 27001), contribute to continuous control monitoring efforts, and promote a culture of risk ownership and security awareness across the organization.

How will you make an impact?

Risk Management & Governance:

• Maintain and continuously improve the Enterprise Risk Management framework.

• Facilitate enterprise-wide risk assessments across business units.

• Develop and maintain risk taxonomy, scoring methodology, and risk registers.

• Define and monitor Key Risk Indicators (KRIs) and risk metrics.

• Conduct control effectiveness reviews in partnership with control owners.

• Support risk assessments related to cloud, SaaS, AI, and emerging technologies.

Compliance & Assurance:

• Ensure compliance with relevant laws, regulations, and standards (e.g., SOC 2, ISO 27001, NIST, GDPR).

• Support internal and external audits, including evidence collection, documentation preparation, and stakeholder coordination.

Program Development & Collaboration:

• Collaborate with cross-functional teams, including Legal, Procurement, R&D, and IT, to address GRC-related matters.

• Assist in the continuous improvement of GRC programs and initiatives.

• Contribute to automation and optimization of GRC tooling and workflows.

• Promote a culture of security, compliance, and risk awareness.

Requirements

What is needed to succeed?

• Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field

• 2+ years of experience in GRC, enterprise risk management, or information security roles

• Experience supporting SOC 2 and/or ISO 27001 audits

• Working knowledge of privacy regulations and information security frameworks (e.g., NIST, CIS, ISO 27001, GDPR)

• Experience with GRC platforms or risk management tools (e.g., OneTrust, ServiceNow, Archer) is an advantage

• Familiarity with cloud security concepts (AWS, Azure, GCP) and SaaS environments

• One or more of the following certificates (highly desirable): CISSP, CRISC, CISA, CISM, CGRC

What we have to offer

Checkmarx offers a great work environment, professional development, challenging careers, competitive compensation, great work-life balance, as well as great benefits and perks throughout the year. Checkmarx is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, or other characteristics protected by law.

Key Skills
Risk Management, Governance, Compliance, Auditing, Risk Assessment, Control Monitoring, Risk Mitigation, Regulatory Standards, GRC Tooling, Security Awareness, Cloud Security, SaaS Security, AI Security, Risk Taxonomy, KRI Monitoring, Stakeholder Collaboration
Categories
Security & Safety, Technology, Data & Analytics, Consulting
Job Information
Core Responsibilities: The analyst will advance the risk management program by identifying, assessing, monitoring, and reporting organizational risks across technology, product, operational, and third-party domains. Key duties include maintaining the Enterprise Risk Management framework, facilitating risk assessments, defining metrics, supporting audits (SOC 2 Type II, ISO 27001), and translating technical risks into business impact for leadership.
Job Type: full time
Experience Level: 2-5
Company Size: 1000
Visa Sponsorship: No
Language: English
Working Hours: 40 hours