Who are we?
Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it's not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies including Siemens, Airbus, SalesForce, Stellantis, Adidas, Wal-Mart and Sanofi.
What are we looking for?
We are looking for a proactive and analytical GRC Analyst to join our CISO team. In this role, you will play a key role in advancing our risk management program, identifying, assessing, monitoring, and reporting organizational risks across technology, product, operational, and third-party domains.
The analyst will collaborate with cross-functional stakeholders to ensure effective risk mitigation strategies, strong governance practices, and alignment with regulatory and industry standards. This role also includes translating technical and operational risks into business impact to support informed decision-making by senior leadership. You will support internal and external audits (SOC 2 Type II, ISO 27001), contribute to continuous control monitoring efforts, and promote a culture of risk ownership and security awareness across the organization.
How will you make an impact?
Risk Management & Governance:
• Maintain and continuously improve the Enterprise Risk Management framework.
• Facilitate enterprise-wide risk assessments across business units.
• Develop and maintain risk taxonomy, scoring methodology, and risk registers.
• Define and monitor Key Risk Indicators (KRIs) and risk metrics.
• Conduct control effectiveness reviews in partnership with control owners.
• Support risk assessments related to cloud, SaaS, AI, and emerging technologies.
Compliance & Assurance:
• Ensure compliance with relevant laws, regulations, and standards (e.g., SOC 2, ISO 27001, NIST, GDPR)
• Support internal and external audits, including evidence collection, documentation preparation, and stakeholder coordination
Program Development & Collaboration:
• Collaborate with cross-functional teams, including Legal, Procurement, R&D, and IT, to address GRC-related matters
• Assist in the continuous improvement of GRC programs and initiatives
• Contribute to automation and optimization of GRC tooling and workflows
• Promote a culture of security, compliance, and risk awareness.
