We are a Polish branch of a fast-growing InsurTech product company from Silicon Valley - Hippo Insurance. Our mission is to revolutionize home insurance in the US, starting from IoT monitoring devices to our industry-leading software. How do we want to get there? We need top-notch talent, just like you! Putting a lot of effort into hiring top-tier professionals is proof that we care a lot about tech experience, attitude, a human approach, and what we could call „culture fit”.
„SwingDev is all about people” - yes, it may sound a bit cliché. But whether we're writing code or just hanging out, we know that people are at the heart of everything we do. We like to have a good time and keep things light, even when we're tackling big projects. We could brag about what's making us special, but we've boiled it down to two key ingredients: mature, companionable people who, rather than compete, prefer to inspire and have each other's backs; and a culture of trust, empathy, and positivity that keeps us together, lets us interact as teammates and friends, and truly enjoy the ride.
About the role: We are seeking an experienced GRC Analyst to ensure our organization complies with federal and state regulations, as well as industry best practices. You'll train staff on regulatory requirements, support investigations into compliance issues, and recommend improvements to internal procedures to enhance overall compliance.
So if you're a GRC Analyst looking to shake things up and have a good time while you're at it, you've come to the right place. 🚀
What will you do?
- You'll monitor and ensure compliance: Oversee adherence to regulations and certifications such as Sarbanes-Oxley (SOX), SOC2, ISO27001, CCPA, NIST, and NYCRR 500. Develop, maintain, and ensure compliance with corporate policies, standards, and procedures in alignment with applicable security frameworks. Stay updated with changes in relevant laws and regulations. Participate in risk remediation efforts across business units.
- You'll prepare and support audits: Assist in internal and external audits by gathering and organizing evidence to demonstrate compliance. Document process flow diagrams, user stories, and business analyses.
- You'll conduct risk assessments: Identify and analyze potential risks to the organization, evaluate their likelihood and impact, and manage third-party risks.
- You'll collaborate: Act as an intermediary between business owners, system vendors, and the GRC/Cybersecurity team. Work with different teams to develop and enhance compliance procedures. Provide training and guidance on compliance and risk management best practices.
- You'll develop and implement controls and programs: Create policies and procedures to mitigate identified risks. Ensure these controls are effectively implemented and maintained. Review new technology implementations for security compliance. Create and manage education and awareness programs.
- You'll create reports and presentations: Communicate findings and recommendations to stakeholders. Prepare detailed reports on risk assessments, compliance status, and audit results. Define security metrics, reporting mechanisms, and create maturity models and a roadmap for continual program improvements.
We might be a match if you…
- Have a minimum of 2-3 years of experience in a GRC role in a 100% cloud environment.
- Have strong knowledge of regulatory requirements and industry standard frameworks - SOX or SOC 2.
- Have experience in auditing and applying control processes to networks and applications.
- Have experience developing corporate security policies, standards, and procedures.
- Have experience with security and risk management.
- Understand cloud environments (GCP, AWS, Azure).
- Have a great command of English (written & spoken).
- Are available in the afternoons - due to collaboration with the United States, evening meetings may occur. Rest assured, we prioritize work-life fit, respect everyone's private lives, and don’t work at night but we still must ensure that communication between the time zones is effective.
You will get extra points for:
- Knowing industry standard frameworks such as ISO 27001, NYCRR 500, NIST, GDPR.
- Having certifications such as CRISC, CISA, CISM, CCSK, CompTIA Security+, or CGRC (highly desirable but not required).
Recruitment process:
- Send us your CV – it's the best way for us to get to know you.
- Meet Ola, one of our Recruiters.
- We’re finalizing the interview process, but here's a hint: there will be a maximum of 2 stages, allowing you to get to know your manager and team better.
- Meet Marcin and Alicja at the final stage.
- and... welcome aboard! 👋
What benefits are waiting for you?
Basics
- 📝 Form of employment of your choosing
- 🌎 Remote work & flexible working hours
- 🤒 Paid sick leave
- 🏖️ Paid holidays
Health & Safety
- 💊 Private medical care with dentists & orthodontists package for you and your family
- ❤️ Group life insurance
- 🧘 Psychotherapist support: free online sessions with psychologists and psychotherapists
- 🤸 Home physiotherapy
- 🏅 Multisport card & meditation apps reimbursed 50%
Working conditions & Development
- 💻 Gear with Apple logo and monitor
- 🌱 50% reimbursement for courses, conferences, books & certificates
- 🇺🇸 Free access to private language lessons
- 🐕 6 Personal Development Days & 4 Voluntary Days Off
Extras you may like
- 🎫 Cafeteria platform: an extra “stówka” every month to spend on whatever you want
- 🧒 Nanny services for parents
- 📦 Concierge services: a personal assistant to help you deal with your everyday matters
- 🎮 Chill room with table football & PlayStation 4
- 🍦 Free snacks and ice cream in the office (every day, all year round!)
- 🍱 Free Friday Lunch in the office
- 🎉 Team building events: we party together several times a year during the annual Offsite & Christmas Parties, beer after work, or our #WinterEscapeMonth workation in Cyprus