Senior Security Governance Analyst

US - VA - Arlington, FL Tampa, MA Boston, TX Austin

Information Security

At Rapid7, we're on a mission to close the security achievement gap for our customers by simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across over 120 countries to seamlessly build security into the heart of their organizations. 

Our internal Trust & Security Governance team within our Information Security department plays a crucial role in supporting our mission. We ensure we meet our duty of care to our customers, employees, and shareholders by creating effective governance for upholding internal security policies, distributing foundational security expertise across every department to create a strong security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role partners closely with other InfoSec teams, Legal, Procurement, and many other teams at Rapid7.

We're looking for a Senior Security Governance Analyst to help advance our Trust & Security Governance programs, helping us evolve security policies and standards, streamlining our customer security inquiry response program, and performing security risk assessment activities. We are in search of a team member who can apply their security expertise to rapidly mature a company-wide security governance program. The candidate will be positioned to have a direct impact on customers' understanding of our information security program. The candidate should show strong interest in creating a company-wide security culture. Rapid7 fosters a collaborative environment to seek out and embrace feedback from various perspectives.

What you'll do

  • Partner with various business and technical teams to curate content in our customer security inquiry knowledge base

  • Coordinate and respond to customer security inquiries, due diligence questionnaires

  • Continuously mature Trust processes through automation, self-service functionality, and process streamlining to shorten our Sales cycle and our customers' due diligence cycles

  • Maintain and evolve security whitepapers, security content in product help documentation, and Rapid7's Trust site to create an excellent experience for customers and the community when trying to gauge our security capabilities

  • Assist with implementing the information security continuous control monitoring framework

  • Develop broad knowledge on the implementation of Rapid7's security controls, policies, and processes across our products and corporate environments

  • Build positive relationships with partner teams in Marketing, Legal, Sales, Business Operations, People Development, and other teams to continuously improve our internal security culture and external awareness of Rapid7's security program

  • Help create metrics to demonstrate the efficiency and effectiveness of our Trust program and to inform continuous program improvements

  • Monitor organizational adherence to various external compliance framework requirements

  • Perform risk analysis on various information security topics

  • Report and communicate security issues and topics to technical and non-technical audiences, ranging from individual contributors to C-suite executives

What you'll bring

  • Experience working in organizational Governance, Risk, and Compliance (GRC) operations; security trust operations; and/or IT/security audit

  • Experience supporting security compliance programs or operations involving frameworks such as ISO 27001, NIST CSF, PCI DSS, FedRAMP, SIG/SCA, SOC 2 Type II, etc.

  • Desire to collaborate with internal and cross-functional teams to positively impact organizational objectives

  • Excellent time management and prioritization skills with a strong ability to plan, prioritize, and execute projects independently or in coordination with other teams

  • Excellent ability to communicate to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude

  • Insatiable curiosity and desire to challenge conventional approaches to solving problems

  • Experience implementing and operating technical security controls/tools in the context of vulnerability management, incident response, cloud security, application security, etc.

Equal Opportunity Employer 

Here at Rapid7, we fundamentally believe that every person deserves an equal opportunity to build an exceptional career! We embrace our similarities, celebrate our differences and strongly believe that EVERYONE has the right to be treated with respect and dignity. We have a ZERO tolerance policy for discrimination based on race, ethnicity, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, marital status, or any other status protected under federal, state, or local law. More importantly though, we just fundamentally believe it's the right way to build a business and healthy community. We pride ourselves on our unique culture and our commitment to diversity, equity, and inclusion--it is the stitch that holds the fabric of our culture together!

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.