InfoSec GRC Analyst / Senior Analyst

BILL • South Bay

Company

BILL

Location

South Bay

Type

Full Time

Job Description

Build your career with purpose. Be a champion for small and mid-size businesses.

BILL is a leader in financial automation software for small and midsize businesses (SMBs). As a champion of SMBs, we are dedicated to automating the future of finance so businesses can thrive. Hundreds of thousands of businesses trust BILL solutions to manage financial workflows, including payables, receivables, and spend and expense management. With BILL, businesses are connected to a network of millions of members, so they can pay or get paid faster. Through our automated solutions, we help SMBs simplify and control their finances, so they can confidently manage their businesses, and succeed on their terms. 

BILL is a trusted partner of leading U.S. financial institutions, accounting firms, and accounting software providers. We have operations in San Jose, CA, Draper, UT, Houston, TX and Sydney, AUS and are continuing to expand into other geographic locations. If you’re looking for a place that helps you do the best work of your career, look no further than BILL.

Make your impact within a rapidly growing Fintech Company

The InfoSec Governance, Risk and Compliance (GRC) team works within the Information Security (InfoSec) organization at BILL to implement, monitor, and continuously improve BILL’s security governance, risk, and compliance programs.

As an InfoSec GRC analyst, reporting to the Director of GRC Customer Audit, Assurance and Third-party Security Risk Management, you will be responsible for collaborating cross-functionally with the business on GRC activities and supporting the company’s obligation to identify technology and security risks, and manage legal, regulatory and compliance risks. This role will be critical as we mature our controls and overall Information Security program.

In this role you will:

  • Assess security compliance with policies, standards, and regulations through controls monitoring, controls testing and performance of security risk assessments. Serve as a subject matter resource to assess compliance implications for areas that have gaps
  • Stay updated on developing regulatory concerns and changing IT/security trends. Develop a close partnership with control owners, educating them on applicable security compliance requirements, security risk areas, mitigations, process improvements, and risk-appropriate control recommendations
  • Support coordination of internal and external audits that are associated with cybersecurity and technology risks, including facilitating audit evidence collections, responses to observations and reporting 
  • Respond to customer and partner security due diligence requests, and ensure that BILL meets customer and partner requirements
  • Support issue management efforts, which include remediation tracking, status reporting and validating closure of security gaps, non-compliance issues and/or security risk.
  • Assist in continuous controls monitoring utilizing a GRC solution, dashboards, analytics, automation, and other supporting tools.
  • Assist in preparing ongoing reports with specified metrics/key performance indicators related to compliance activities, audit results, remediation plans, and other compliance efforts and present them to management
  • Assist in evaluating security risk associated with Third-Party/Vendor to ensure that Third-Parties’ technology environment and security controls appropriately protect shared data, that contracts have the appropriate security requirements, and that those requirements are met through regular re-assessments
  • Provide expertise and consulting with the objective of helping BILL manage Third-Party security risk to an acceptable level
  • Be an advocate for security best practices and the security compliance resource for stakeholders from departments throughout the company

We’d love to chat if you have:

  • 3+ years of experience in technology risk and compliance roles, preferably at a technology or SaaS/Cloud company, and/or as an auditor at a Big 4 firm
  • Knowledge and experience with compliance and regulatory frameworks, standards and controls, such as NIST, ISO27001, PCI DSS, SSAE 18 (SOC), COSO, SOX
  • Understanding of security techniques, practices, and controls that can be applied to address risks
  • Experience working and collaborating effectively with technical or non-technical subject matter experts, and internal/external auditors in gathering information and demonstrating compliance with standards
  • Experience with the monitoring and evaluation of technology processes and controls including design and operating effectiveness testing and reporting on results and recommendations
  • Experience with Third-Party / Vendor Security Risk Management
  • Experience working with a Fintech GRC or top-tier bank compliance or audit function is preferred
  • Strong oral and written communication skills, and strong project management and organizational skills
  • Action-oriented with the ability to multi-task and work in agile, changing and fast-growing environments
  • Bachelor’s degree in Information Systems, Security, Technology or similar field of interest or equivalent work experience
  • Relevant professional designation (CISSP, CISA, CRISC, CRMA, CIPP)

Let’s talk about benefits

  • 100% paid employee health, dental, and vision plans (choose HMO, PPO, or HDHP)
  • HSA & FSA accounts 
  • Life Insurance, Long & Short-term disability coverage
  • Employee Assistance Program (EAP)
  • 11+ Observed holidays and wellness days and flexible time off 
  • Employee Stock Purchase Program with employee discounts
  • Wellness & Fitness initiatives
  • Employee recognition and referral programs
  • And much more

This role is based in California.

The estimated base salary range for this role is noted below for our office location in San Jose, CA. Additionally, this role is eligible to participate in BILL’s bonus and equity plan. Our ranges for each role and job level are based on a variety of factors including candidate experience, expertise, and geographic location and may vary from the amounts listed below. The role is also eligible for a competitive benefits package that includes: medical, dental, vision, life and disability insurance, 401(k) retirement plan, flexible spending & health savings account, paid holidays, paid time off, and other company benefits.

San Jose pay range
$110,200—$132,100 USD

We live our culture and values every day

At BILL, we’re different by design—it's our culture. Our CEO is a trusted entrepreneur who lives our cultural values: Humble, Authentic, Passionate, Accountable, and Fun. People here love being their authentic selves, contributing unique experiences, sharing ideas, perspectives, and intellectual curiosity. We celebrate our diversity as the heart and soul of how we work, grow, and succeed together. Inspiring people with meaningful career experiences they love really does make the dream work and our successes just keep getting better. There’s no limit to what we can build and where we can go from here. We’d love you to join us.
BILL is proudly an Equal Opportunity Employer where everyone is welcome. Our innovation and technology are inspired by an inclusive culture unlike any other. Everyone brings a different personal story and perspective and this diverse mix of minds, backgrounds, and experiences is where our greatest ideas come from. We welcome people of all races, ethnicities, ages, religions, abilities, genders, and sexual orientations to make us an even more vibrant company. We want everyone to bring their authentic selves here, to share our values, shape our vision, drive innovation, and become part of a culture we celebrate every day.

BILL Culture:

  • Humble - We check our egos at the door. We are curious. We listen, accept feedback.
  • Authentic - We earn and show trust by being real—embracing our authentic selves.
  • Passionate - We care deeply about each other and our customers.
  • Accountable - We are duty-bound to each other, our customers, and society.
  • Fun - We wrap it all together by building connections and enjoying time spent together.

Our Applicant Privacy Notice describes how BILL treats the personal information it receives from applicants

Date Posted

03/12/2023
