Position
Checkmarx is the enterprise application security leader and the host of Checkmarx One™ — the industry-leading cloud-native AppSec platform that helps enterprises build #DevSecTrust.
Who are we?
Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it's not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, including 40 percent of all Fortune 100 companies, among them Siemens, Airbus, Salesforce, Stellantis, Adidas, Wal-Mart and Sanofi.
What are we looking for?
We are looking for a proactive and analytical GRC Analyst to join our CISO team. In this position, you will play a key role in advancing our risk management program by identifying, assessing, monitoring, and reporting organizational risks across technology, product, operational, and third-party domains.
The analyst will collaborate with cross-functional stakeholders to ensure effective risk mitigation strategies, strong governance practices, and alignment with regulatory and industry standards. This role also includes translating technical and operational risks into business impact to support informed decision-making by senior leadership. You will support internal and external audits (SOC 2 Type II, ISO 27001), contribute to continuous control monitoring efforts, and promote a culture of risk ownership and security awareness across the organization.
How will you make an impact?
Risk Management & Governance:
• Maintain and continuously improve the Enterprise Risk Management framework.
• Facilitate enterprise-wide risk assessments across business units.
• Develop and maintain risk taxonomy, scoring methodology, and risk registers.
• Define and monitor Key Risk Indicators (KRIs) and risk metrics.
• Conduct control effectiveness reviews in partnership with control owners.
• Support risk assessments related to cloud, SaaS, AI, and emerging technologies.
Compliance & Assurance:
• Ensure compliance with relevant laws, regulations, and standards (e.g., SOC 2, ISO 27001, NIST, GDPR).
• Support internal and external audits, including evidence collection, documentation preparation, and stakeholder coordination.
Program Development & Collaboration:
• Collaborate with cross-functional teams, including Legal, Procurement, R&D, and IT, to address GRC-related matters.
• Assist in the continuous improvement of GRC programs and initiatives.
• Contribute to automation and optimization of GRC tooling and workflows.
• Promote a culture of security, compliance, and risk awareness.
What is needed to succeed?
• Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field.
• 2+ years of experience in GRC, enterprise risk management, or information security roles.
• Experience supporting SOC 2 and/or ISO 27001 audits.
• Working knowledge of privacy regulations and information security frameworks (e.g., NIST, CIS, ISO 27001, GDPR).
• Experience with GRC platforms or risk management tools (e.g., OneTrust, ServiceNow, Archer) is an advantage.
• Familiarity with cloud security concepts (AWS, Azure, GCP) and SaaS environments.
• One or more of the following certifications (highly desirable): CISSP, CRISC, CISA, CISM, CGRC.
Checkmarx offers a great work environment, professional development, challenging careers, competitive compensation, great work-life balance, as well as great benefits and perks throughout the year. Checkmarx is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, or other characteristics protected by law.