GRC & Privacy Analyst

What Expel is looking for in applicants

You love checkboxes. After all, security is all about meeting requirements. Make sure all the boxes are checked, and we'll be safe. Do you yearn to pick apart systems with a squint in your eye and a red pen in your hand? Then you can stop right now, because that's not who we're looking for. For everyone else, let's start again!

You know that requirements bingo can be a strong foundation, and you often think, "If only we believed in these from the beginning, that would be something." Turns out, we feel the same way.

Security used to be simple. We built things, we solved problems, and we built some more things. Then a good friend of Security, called Privacy and Compliance, came along for the ride with its own set of regulatory and statutory requirements.

So, we started making lists, to avoid any problems of tomorrow. At some point, these lists began regulating everything we do to build, run, and sustain systems. They ceased being goals, and instead turned into restrictions. Checking the box became the ultimate goal, rather than understanding why the box was there in the first place, and the culture lurched towards "Compliance before Competence." We realized we knew better, and it was time to tackle agile risk-based approaches that enable Expel.

We hope that you know better, too. You understand that compliance frameworks can have productive value and can be adopted in a proficient manner. They can enable us to change Expel for the better by adopting proactive rather than reactive ways of handling compliance, and they allow you to be a collaborative teammate who helps break down compliance complexities into things that can be easily understood.

Your mission is to help Expel navigate all these requirements, audits, frameworks, and more, blazing a path that's logical, efficient, and helps us thrive!

What Expel can do for you

  • Provide an opportunity to "Do Compliance Right" in a way that boosts security and privacy, rather than adding complexity and friction
  • Give you experience tackling the unique challenges of a growing security startup with a team who genuinely cares about doing meaningful work
  • Give you the opportunity to work on a unique people-first approach
  • Teach you new tricks to make sure you're learning new skills and growing your career
  • Provide an entertaining and transparent work environment where you can interact with senior leadership and teams across the company

What you can do for Expel

  • Help us evaluate our vendors, so we can effectively assess the risks that exist within our supply chain
  • Ensure we’re "walking the walk" with respect to compliance and audit commitments we’ve made (SOC 2, ISO 27001, EU GDPR, CCPA, etc.)
  • Support other Expletives by educating them about proactive security and enabling security and privacy by design
  • Help us create informed metrics, so we can relay how well we're meeting our requirements and enhancing customer trust
  • Exhibit curiosity and a willingness to learn — you'll try and fail... and try again... as you experiment with new technologies, approaches, and techniques

What you should bring with you

  • An intuitive and proven grasp of frameworks / certifications like SOC 2, NIST Cybersecurity Framework (CSF) and Privacy Framework (PF), ISO 27001/27701, and privacy laws like the EU GDPR and CCPA
  • Experience evaluating SaaS applications and third-party services against IT/Security compliance standards and regulatory requirements
  • Having any of these certifications is ideal: CISA, CRISC, CIPM, CIPP/US, CIPP/E, CIPT, or CISSP
  • Ability to translate technical language for others into easy-to-understand concepts
  • Great project management and organizational skills

Additional Notes

At Expel, our employee benefits reflect our commitment to our crew. Unlimited PTO, equity for everyone, work location flexibility, up to 24 weeks of parental leave, and excellent health benefits are some of the ways we care for our Expletives.

Our office is based in Herndon, Virginia. However, we will consider remote work for this position.

We’re only hiring those authorized to work in the United States. We do not currently sponsor immigration visas.

We're an Equal Opportunity Employer: You'll receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

We’ll ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please let us know if you need accommodation of any kind.
