Cybersecurity GRC Analyst

Company: Tbwa Chiat/Day Inc
Location: San Francisco
Posted on: March 31, 2025

Job Description:

Join the Future of Commerce with Whatnot!Whatnot is the largest livestream shopping platform in North America and Europe to buy, sell, and discover the things you love. We're redefining e-commerce by blending community, shopping, and entertainment into a community just for you. As a remote co-located team, we're inspired by innovation and anchored in our values. With hubs in the US, UK, Ireland, Poland, and Germany, we're building the future of online marketplaces-together.From fashion, beauty, and electronics to rare collectibles like trading cards, comic books, and even live plants, our live auctions have something for everyone.And we're just getting started! As one of the fastest-growing marketplaces, we're looking for bold, forward-thinking problem solvers across all functional areas. Check out the latest Whatnot updates on our news and engineering blogs and join us as we enable anyone to turn their passion into a business and bring people together through commerce.Whatnot's Security GRC team is dedicated to building trust with regulators, customers, employees, and investors by demonstrating commitment to industry standards and continuous improvement. We defend and protect our users' data and information as if it were our own. As part of the Security GRC team, you can expect to be responsible for:

• Reviewing and implementing secure configurations across various tools like Okta, Terraform, AWS, Lumos, Cloudflare, and Github.
• Developing security requirements for partner teams and driving progress towards the execution of those requirements.
• Preparing for and running our external security audits.
• Shaping the strategic direction of the Security GRC team.Team members in this role are required to be within commuting distance of our Los Angeles, CA, San Francisco, CA, or New York, NY hubs.Curious about who thrives at Whatnot? We've found that low ego, a growth mindset, and leaning into action and high impact goes a long way here.As our Governance, Risk, & Compliance Analyst, you should have a minimum of 8+ years of relevant experience in security governance, risk, and compliance, preferably in a tech startup environment, plus:
  • A Bachelor's degree in Computer Science, Information Security, or a related field.
  • The successful candidate will have a deep knowledge of security best practices and industry standards, such as ISO 27001, SOC2, PCI, and GDPR/CCPA.
  • Experience at a Big 4 firm or similar reputable audit firm.
  • Experience in supporting complex third-party audit projects in a cloud-centric environment, with a strong aptitude to understand emerging technologies to ensure regulatory and compliance requirements are met.
  • Excellent written communication skills with the ability to document, communicate, and report security assessments as well as the status of the implementation and effectiveness of cybersecurity controls with product and business leaders.Salary: $180,000/year to $230,000/year + benefits + equity.The salary range may be inclusive of several levels that would be applicable to the position. Final salary will be based on a number of factors including level, relevant prior experience, skills, and expertise. This range is only inclusive of base salary, not benefits or equity.Benefits
    • Health Insurance options including Medical, Dental, Vision.
    • Work From Home Support
      • Home office setup allowance.
      • Monthly allowance for cellphone and internet.
      • Retirement: 401k offering for Traditional and Roth accounts in the US (employer match up to 4% of base salary) and Pension plans internationally.
      • Parental Leave
        • 16 weeks of paid parental leave + one month gradual return to work. Company leave allowances run concurrently with country leave requirements which take precedence.Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.Apply for this job* indicates a required fieldFirst Name *Last Name *Email *PhoneResume/CV *LinkedIn ProfileWebsiteHow did you hear about this job? *At the time of hire, will you be located within 150 miles of one of our hubs? If so, please select which location. If not, please select "N/A" and input your city and state/province in the field below. *Please list the city and state/province you are located in today. *Are you legally authorized to work in the United States? *Which Access Management tools do you have experience with? *What do you use Github for in your daily work? *What experience do you have working at an audit firm? *Which major security standards do you have experience with? *What is your experience with Risk Management? *Optional Demographic QuestionsHi there! Here at Whatnot, we want to empower every employee to reach their full potential, regardless of race, gender, ethnicity, sexual orientation, or background. We also believe that building an organization with many dimensions of diversity is an important key to short and long-term success.We collect anonymous demographic information to help us achieve our goal of building a diverse company. This information is anonymous and will not be tied back to your application. The data will only be used in aggregate for reporting or learning purposes.With what Race/Ethnicity do you identify? *Do you belong to the LGBTQ+ community? *How would you describe your gender identity? *How would you describe your disability status? *How would you describe your veteran status? *
          #J-18808-Ljbffr

Keywords: Tbwa Chiat/Day Inc, San Francisco , Cybersecurity GRC Analyst, Professions , San Francisco, California