Governance, Risk & Compliance (GRC) Analyst
About The Position
Ivo is an AI-powered contract review and legal technology company transforming how organizations review, negotiate, and manage contracts. Security, privacy, and trust are foundational to our platform and customer relationships. As we continue to scale, we are looking for a highly motivated Governance, Risk & Compliance (GRC) Analyst to support and mature Ivo's security compliance and risk management programs. Ivo is seeking a detail-oriented and proactive GRC Analyst to support the company's compliance, risk management, and security assurance initiatives. This role will play a key part in maintaining and enhancing Ivo's compliance programs, including SOC 2 Type II, ISO 27001, CSA STAR, and ISO/IEC 42001. The ideal candidate has experience supporting security audits, managing evidence collection, conducting risk assessments, maintaining policies and procedures, and partnering cross-functionally with engineering, IT, legal, HR, and business stakeholders. This is a fully onsite role based out of Ivo's San Francisco headquarters to support close cross-functional collaboration with Security, Engineering, IT, and Operations teams.
Requirements
- 3–5 years of experience in Governance, Risk & Compliance (GRC), Information Security, IT Audit, or related field.
- Hands-on experience supporting SOC 2 Type II, ISO 27001, CSA STAR, and in-depth knowledge of ISO/IEC 42001.
- Experience administering or working extensively with Vanta or similar GRC/compliance automation platforms.
- Experience managing and maintaining a customer-facing Trust Center, including security documentation, compliance artifacts, sub-processor disclosures, and customer assurance materials.
- Strong understanding of information security principles and common security controls.
- Experience with audits, evidence management, and customer security reviews.
- Excellent written and verbal communication skills.
- Strong attention to detail and accountability.
- Collaborative mindset with strong cross-functional communication skills.
- Ability to translate compliance requirements into practical operational processes.
- Interest in emerging AI governance and security frameworks.
- Self-starter mentality with a continuous improvement mindset
Nice To Haves
- Experience working at a SaaS or AI company.
- Familiarity with GDPR, CCPA, privacy regulations, and third-party risk management.
- Knowledge of cloud environments such as GCP, AWS, or Azure.
- Relevant certifications such as Security+, CISA, CRISC, CCSK, or ISO 27001 Lead Implementer/Auditor.
Responsibilities
- Support and coordinate Ivo's compliance programs including SOC 2 Type II, ISO 27001, CSA STAR, and ISO/IEC 42001.
- Assist with annual audits, surveillance audits, and customer security assessments.
- Coordinate evidence collection and maintain audit readiness across teams.
- Support and maintain Ivo's Vanta GRC platform and associated compliance workflows.
- Monitor automated compliance evidence collection and control monitoring within Vanta.
- Perform vendor and third-party risk assessments.
- Support enterprise risk management and risk register maintenance.
- Maintain and update security policies, standards, and procedures.
- Support AI governance and responsible AI compliance initiatives.
Benefits
- Competitive salary ($125k - $150K) and equity package.
- Comprehensive health, dental, and vision coverage.
- Flexible PTO.
- Collaborative onsite work environment (5 days) at Ivo's San Francisco headquarters.
- Opportunity to help shape the security and compliance foundation of a rapidly growing AI company.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
