Lead Security Governance Analyst

US - MA - Boston


US - MA - Boston, US - TX - Remote, US - Remote, US - TX - Austin, US - FL - Tampa, US - VA - Remote, US - VA - Arlington


Information Security

At Rapid7, we're on a mission to close the security achievement gap for our customers by simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across over 120 countries to seamlessly build security into the heart of their organizations. 

Our internal Trust & Security Governance team within our Information Security department plays a crucial role in supporting our mission. We ensure we meet our duty of care to our customers, employees, and shareholders by creating effective governance for upholding internal security policies, distributing foundational security expertise across every department to create a strong security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role partners closely with other InfoSec teams, Legal, the Request, for Proposal (RFP) team, People Development, and many other teams at Rapid7

We're looking for a Lead Security Analyst to help advance our Trust & Security Governance programs, helping us evolve security policies, streamlining our customer security inquiry response program, and scaling our security training across the company.

Your profile

Are you looking for a new opportunity to apply your security expertise to rapidly mature company-wide security governance programs? Do you want to have a direct impact on customers' understanding of your organization's security program? Are you excited about the opportunity to create a company-wide security culture that sticks? Do you eagerly seek out and embrace feedback from perspectives different from your own? 

If you've been answering “yes” to these questions, then you might be the person we're looking for! Keep reading below to learn more about this unique opportunity to drive impact on a security team at a security company. 

What you'll do

  • Create and maintain Rapid7's security policy framework, including roles and responsibilities, self-service templates, and policy lifecycle processes

  • Partner with Legal and RFP teams to curate FAQ content in our customer security inquiry knowledge base, keeping it accurate and up-to-date by working with subject matter expert teams across InfoSec, Engineering, IT, etc.

  • Provide security expertise to Legal teams in the contract-negotiation process to ensure that contract terms accurately reflect Rapid7's cyber security capabilities.

  • Coordinate and respond to customer security inquiries, due diligence questionnaires, and security-related contract modifications

  • Continuously mature Trust processes through automation, self-service functionality, and process streamlining to shorten our Sales cycle and our customers' due diligence cycle

  • Maintain and evolve security whitepapers, security content in product help docs, and Rapid7's Trust site to create an excellent experience for customers and the community when trying to gauge our security capabilities

  • Partner with other InfoSec teams and People Development to create quality security training content/experiences for employees so they know how to uphold their security responsibilities

  • Develop broad knowledge of the implementation of Rapid7's security controls, policies, and processes across our products and corporate environments

  • Build positive relationships with partner teams in Marketing, Legal, Sales, Business Operations, People Development, and other teams to continuously improve our internal security culture and external awareness of Rapid7's security program

  • Help create metrics to demonstrate the efficiency and effectiveness of our Trust program and to inform continuous program improvements

  • Systematically track and report on customer feedback about our security program to inform the business about where we need to improve security to satisfy customers' needs

  • Report and communicate security issues and topics to technical and non-technical audiences, ranging from individual contributors to C-suite executives

What you'll bring

  • Experience working in information security, including but not limited to Governance, Risk, and Compliance (GRC); security trust operations; and/or security audit

  • Experience creating effective security awareness training experiences for topics such as (but not limited to) phishing/social engineering, safe data handling, secure software development, etc.

  • Experience supporting security compliance programs or operations involving frameworks such as ISO 27001, NIST CSF, PCI DSS, FedRAMP, CSA STAR, SIG/SCA, SOC 2 Type II, etc.

  • Knowledge of modern security problems and solutions for endpoint security, network security, cloud security, application security, identity & access management, vulnerability management, threat detection, and/or incident response

  • Strong focus and desire to impact together with your direct and cross-functional teammates at Rapid7

  • Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams

  • Excellent ability to communicate to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude

  • Insatiable curiosity and desire to challenge conventional approaches to solving problems


  • Experience implementing and operating technical security controls/tools in the context of vulnerability management, incident response, cloud security, application security, etc.

Equal Opportunity Employer 

Here at Rapid7, we fundamentally believe that every person deserves an equal opportunity to build an exceptional career! We embrace our similarities, celebrate our differences and strongly believe that EVERYONE has the right to be treated with respect and dignity. We have a ZERO tolerance policy for discrimination based on race, ethnicity, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, marital status, or any other status protected under federal, state, or local law. More importantly though, we just fundamentally believe it's the right way to build a business and healthy community. We pride ourselves on our unique culture and our commitment to diversity, equity, and inclusion--it is the stitch that holds the fabric of our culture together!