
Security Analyst - GRC

Company:
Harness
Location:
San Francisco, CA
Posted:
April 16, 2024

Description:

Harness is a high-growth company that is disrupting the software delivery market. Our mission is to enable the 30 million software developers in the world to deliver code to their users reliably, efficiently, securely and quickly, increasing customers’ pace of innovation while improving the developer experience. We offer solutions for every step of the software delivery lifecycle to build, test, secure, deploy and manage reliability, feature flags and cloud costs. The Harness Software Delivery Platform includes modules for CI, CD, Cloud Cost Management, Feature Flags, Service Reliability Management, Security Testing Orchestration, Chaos Engineering, Software Engineering Insights and continues to expand at an incredibly fast pace.

Harness is led by technologist and entrepreneur Jyoti Bansal, who founded AppDynamics and sold it to Cisco for $3.7B. We’re backed with $425M in venture financing from top-tier VC and strategic firms, including J.P. Morgan, Capital One Ventures, Citi Ventures, ServiceNow, Splunk Ventures, Norwest Venture Partners, Adage Capital Partners, Balyasny Asset Management, Gaingels, Harmonic Growth Partners, Menlo Ventures, IVP, Unusual Ventures, GV (formerly Google Ventures), Alkeon Capital, Battery Ventures, Sorenson Capital, Thomvest Ventures and Silicon Valley Bank.

Position Summary

The GRC Analyst will be a member of the Information Security organization, working across the business to advise, build, and operate security and compliance programs at scale. Using industry standards and best practices, the GRC Analyst is responsible for delivering security projects, programs, and continuous compliance at scale.

As a GRC Analyst, you will participate in efforts to maintain compliance certifications and regulatory requirements (e.g. SOC2, ISO 27001, GDPR, etc.), design solutions that support Harness’ risk management and security goals (Third Party Risk and Customer Trust), and collaborate directly with business and engineering teams to preserve velocity with security. You will be responsible for defining, documenting, and implementing technical security and compliance controls, and measuring the effectiveness of Harness’ security programs.

About the role

Support the delivery of internal and external audits, risk assessments, and annual compliance certifications across the technical estate;

Execute core security capabilities such as policy and procedure development and security awareness and training requirements;

Support customer trust initiatives such as reviewing contracts for security and privacy requirements, completing questionnaires and requests, and maintaining our customer trust portal;

Continuously monitor and manage supply chain security and vendor risk management;

Drive security and compliance across the business through empathetic partnership;

Articulate Harness’ security capabilities and controls to enterprise customers or auditors; and,

Identify security gaps, develop or support the development of a path forward to address them, and ensure the plan is fully executed and working as intended.

About you

You have 1-4 years of relevant industry experience.

Previous experience in a cloud-native environment (AWS, GCP, or Azure);

You want to work in a high-growth environment and build new programs from scratch;

You are proactive, results-driven, and an excellent collaborator and communicator;

You care about the details, and are willing to ask questions when you’re unsure; and,

You thrive in solving the unknown, and seek to bring clarity in ambiguous situations.

Bonus Points!

You are familiar with what’s going on under the hood of an AWS or GCP console, and can speak to best practices for configuration and management.

You have expertise with one or more industry regulations and compliance certifications (ISO 27001, SOC 2, FedRAMP, GDPR, etc.).

You hold relevant security or technical certifications (CISA, CISSP, AWS/GCP Professional).

You are eager to learn, and to share your knowledge with colleagues.

You like to automate the boring stuff.

Work Location

We are looking for someone who will work onsite (hybrid, 3 days a week) from one of our offices within North America (San Francisco or Mountain View).

What you will have at Harness

Competitive salary

Comprehensive healthcare benefits

Flexible Spending Account (FSA)

Flexible work schedule

Employee Assistance Program (EAP)

Flexible Time Off and Parental Leave

Monthly, quarterly, and annual social and team building events

Monthly internet reimbursement

The anticipated base salary range for this position is $90,000 - $120,000 annually. Salary is determined by a combination of factors including location, level, relevant experience, and skills. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. The compensation package for this position may also include equity and benefits. More details about our company benefits can be found at the following link:

Pay transparency

$90,000—$120,000 USD

Harness in the news:

Harness Snags $230 Series D - $3.7B Valuation

Harness Recognized in Inc.'s Best Workplace Awards 2022

Harness on LinkedIn: America's Great Companies to Work For -- And What You Can Learn From

#6 - Glassdoor Best Places to Work 2021 list

#17 on Forbes Top 50 Cloud Companies to Work For

#47 on LinkedIn's Top 50 Companies to Work For

#2 on Quartz 2021 list best places to work for remote workers

2021 Career Launching Companies List

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex or national origin.
