Associate Governance, Risk and Compliance Specialist (Remote)

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you. About the Role: The Associate Governance, Risk, and Compliance Specialist is charged with assisting in the identification, assessment, measurement, monitoring, and reporting of risk through CrowdStrike’s Governance, Risk, and Compliance (GRC) program. The Associate GRC Specialist’s primary function will involve supporting CrowdStrike’s customer assurance program, including responding to customer security assessments and maintaining CrowdStrike’s trust portal. This position may also be called to support GRC functions in relation to audit and compliance of CrowdStrike’s products and third parties including vendors and partners. What You'll Do: The ideal candidate will be up to the challenge of understanding current technologies and processes while being continuously on the lookout for innovative and flexible ways to automate processes that support a fast-paced, secure, and empowered environment. This role covers customer assurance, audit, and compliance in the context of security and privacy within enterprise-wide operational areas such as: Responding to CrowdStrike and customer questions regarding GRC, information security, privacy, and related topics; Assisting with internal and external audits and assessments including control assessment, monitoring, and reporting including collection and organization of evidence; Working with various internal teams and external parties to define and prioritize remediation efforts, tracking remediation activities, and inspecting/validating solutions that have been implemented; Performing other duties within the scope of governance, risk, and compliance as needed. What You’ll Need: Practical experience with policy and regulatory mandates such as SOC 1/SOC 2, CSA-CCM, ISO27001/27002/22301/27017/42001, GDPR, CCPA, PCI-DSS, the NIST Risk Management Framework, and associated standards such as NIST SP(s) 800-34/800-53 Revision 5/800-171, FedRAMP, CMMC 2.0; Understanding of Third Party Risk Management concepts such as organizational risk impact, determining data classification, evaluating control implementations, and assessing adequacy of compensating controls; Experience in typical office applications including Microsoft Word, Excel, and the Google Workspace Suite; Fundamental technical understanding of key technologies such as Windows, Linux, and Apple operating systems, networks, application development, databases, virtualization, containerization, and cloud infrastructures; and Bachelor’s degree in a relevant field (e.g., Information Security, Risk Management, or related discipline) with 1 year of experience in governance, risk, and compliance, or customer trust, or equivalent combination of education and practical experience. Bonus Points: Experience implementing, managing, and/or operating a customer trust portal. Practical experience in programming languages including JavaScript, Python or similar. Experience in scoping work, project management, critical path analysis, resourcing, managing time estimates, project risks, and/or quality. Ability to think strategically about risks and tie those risks to tactical organizatio ... (truncated, view full listing at source)