Senior Security GRC Analyst
Rubrik, Bangalore, India. Posted 12 May 2026
Job Description
About the team:
The Information Security (InfoSec) organisation advances the overall state of security at Rubrik through critical initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties in order to securely protect Rubrik information.
About the role:
We are looking for a Compliance Analyst to streamline and automate our security compliance engine. In this role, you will be the engine behind our regulatory adherence and internal control environments. You won't just check boxes; you’ll build scalable evidence collection processes, manage internal assessments, and partner with engineering teams to close security gaps. You will focus on the execution and continuous monitoring of our security compliance framework, ensuring we remain audit-ready across multiple standards (such as SOC2, ISO 27001, or HIPAA).
What you’ll do:
Framework Management: Maintain global compliance certifications, including ISO 27001, SOC2, BSI C5, Cyber Essentials, DESC, and evolving data privacy standards.
Audit Coordination: Serve as the primary liaison for internal and external audits; manage timelines, evidence collection, and communication between process owners and auditing bodies.
Strategic Partnership: Partner with cross-functional teams (risk, governance, sec-ops, etc.) to identify control gaps, prioritise remediation efforts, and implement scalable solutions that reduce organisational risk.
Evidence Lifecycle Management: Systematise the collection and retention of audit evidence to ensure the organisation is audit-ready at all times without disrupting daily operations.
Continuous Monitoring: Experience in conducting a common controls framework is required, in order to assess control effectiveness and evidence in support of defining security posture and compliance.
Standard Simplification: Deconstruct complex regulatory requirements and technical standards into clear, actionable and operational requirements.
Stakeholder Communication: Act as a subject matter expert, providing transparent and persuasive updates on the health of the compliance program to leadership and internal teams.
Compliance Advocacy: Design and deliver targeted training sessions to help process owners understand their role within the Rubrik controls framework and the "why" behind security requirements.
Support Risk Management: Support risk assessments to identify, document, and track the remediation of information security threats.
Governance: Support the development and updating of the information security policy framework to ensure alignment between business objectives and regulatory requirements.
Third-Party Risk: Support the supplier security process to conduct ongoing monitoring of vendors to ensure third-party services do not compromise the organisation’s security posture.
Experience you’ll need:
5+ years of experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry
Proven track record of driving security and operational risk processes within a modern risk oversight function
Advanced knowledge of risk quantification principles and experience implementing FAIR-like approaches
Strong understanding of common security risks, vulnerabilities, and threats
Expertise in relevant information security frameworks (ISO 27001/2, FedRAMP, SOC 2, CIS Top 20, PCI DSS, NIST CSF, HIPAA)
Proficiency in audit and risk management methodologies (SOX, COBIT, NIST RMF)
Hands-on experience with data analytics and BI tools (e.g., Power BI) and agile project management tools (e.g., Jira)
E ... (truncated, view full listing at source)