Senior Security Analyst | GRC

What Ramp is looking for in applicants

Ramp is building the next generation of finance tools—from corporate cards and expense management, to bill payments and accounting integrations—designed to save businesses time and money with every click. Over 5000 businesses are spending an average of 3.3% less and closing their books 8 times faster, thanks to Ramp’s finance automation platform that enables billions of dollars of purchases each year.

Founded in 2019, Ramp has seen nearly 10x year-over-year growth which has led to a valuation of $8.1 billion in just over 3 years. Its investors include Founders Fund, Stripe, Citi, Goldman Sachs, Coatue Management, D1 Capital Partners, Redpoint Ventures and Thrive Capital, as well as over 100 angel investors who were founders or executives of leading companies. The team is made up of talented leaders from some of the leading financial services and fintech companies—Capital One, Stripe, Affirm, Goldman Sachs, American Express, Visa—as well as high-growth technology companies like Facebook, Spotify, Zendesk, Uber, Dropbox, and Instacart. Recently named Fast Company’s most innovative finance company, Ramp is NYC’s fastest-growing startup and America’s fastest-growing corporate card.

About the Role

Join our growing security team and build upon our business-enabling security GRC program at Ramp. This role will drive security compliance, third party risk, and assurance initiatives as we build out our team. This will include a focus on the maturation of our security posture, due diligence efforts, and overall risk management.

What You’ll Do

  • Provide support to the governance, risk, and compliance management program to achieve reports/certifications such as SOC 2, ISO 27001/2, PCI-DSS and others as appropriate
  • Build and maintain a comprehensive security risk register and communicate with cross-functional teams to test, monitor, and remediate relevant risks
  • Support internal risk identification, assessment, and mitigation initiatives to minimize overall risk exposure
  • Collaborate cross-functionally to design, implement, test, and monitor security and IT controls
  • Work with external auditors and regulators to support technology risk and compliance initiatives
  • Own the successful planning, coordination, and execution of third-party risk assessments and audits

What You Need

  • Minimum 3 years of experience with security requirements, standards and practices such as NIST CSF, NIST 800-53, ISO 27001, PCI, SOC 2, etc.
  • Minimum 3 years of experience in supporting business-enabling GRC programs in highly regulated industries (e.g., Healthcare, Finance)
  • Excellent understanding of risk and the ability to prioritize potential gaps and opportunities for improvement based on our business and risk profile
  • Experience supporting and building out a third-party risk management program
  • Demonstrated proficiency in risk management and communication, with the ability to navigate difficult conversations with leadership while driving accountability for risk-based decisions
  • Demonstrated experience working cross-functionally with technical and non-technical teams in a large organization to drive alignment and action
  • GRC experience at a B2B SaaS company or at a hypergrowth startup

Nice to Haves

  • Security Certifications (CISSP, CISA, CCAK, CRISC, etc.)
  • Familiarity with GRC tool automation, monitoring, and maintenance

About Our Team

Our team’s mission is to enable the business and provide assurance to our customers through the following pillars:

  • Security Governance & Risk focuses on implementing a risk and compliance program that identifies and mitigates risk across the organization
  • Security Compliance focuses on maintaining a compliance roadmap (SOC 2, ISO 27001, PCI, SOX) based on customer and internal needs
  • Customer Assurance focuses on owning customer assurance packages (questionnaires, trust site, sales enablement)
  • Third Party Risk Management focuses on guarding against threats posed by third parties who have access to Ramp data

Ramp Benefits (for U.S. based employees)

  • 100% medical, dental & vision insurance coverage for you
    • Partially covered for your dependents
    • OneMedical annual membership
  • 401k (including employer match)
  • Unlimited PTO
  • Annual education reimbursement
  • WFH stipend to support your home office needs
  • Monthly wellness stipend; Headspace annual membership
  • Parental Leave
  • Relocation support
