GRC Analyst, Operations & Risk

About The Position

Requirements

• 2+ years of experience in GRC, third-party risk management, security compliance, IT audit, risk management, vendor management, or a related function
• Experience supporting third-party risk assessments, vendor security reviews, audit readiness, compliance operations, risk remediation tracking, or similar activities
• Strong operational discipline, including the ability to manage competing requests, track open items, follow up with stakeholders, and drive work to closure
• Strong written communication skills, with the ability to document clear status updates, risk summaries, follow-up requests, escalation notes, and process guidance
• Ability to coordinate effectively across cross-functional stakeholders, including Security, Legal, Privacy, Procurement, Engineering, IT, Finance, and business owners
• Familiarity with common security and compliance frameworks such as SOC 2, ISO 27001, NIST CSF, GDPR, PCI, or similar frameworks
• Comfort working in Jira, GRC platforms, ticketing systems, spreadsheets, workflow tools, dashboards, or operational reporting systems
• Ability to identify process gaps, navigate ambiguity, escalate appropriately, and turn unclear requests into actionable next steps
• Bachelor’s degree in Information Security, Computer Science, Business, Risk Management, or a related field, or equivalent practical experience
• Strong commitment to embracing and leveraging AI tools in day-to-day tasks, ensuring AI-assisted work aligns with the same high-quality standards as personal contributions.

Nice To Haves

• Relevant certifications such as Security+, CISA, CRISC, CISM, CISSP, ISO 27001, or GRC-related certifications are a plus, but not required

Responsibilities

• Support day-to-day GRC program operations, including intake management, request prioritization, workflow routing, ticket tracking, escalation management, and completion follow-up
• Perform and support third-party risk management activities, including vendor reviews, reassessments, partner coordination, remediation tracking, and cross-functional follow-up with Security, Legal, Privacy, Procurement, IT, Finance, and business owners
• Assist with risk management activities, including risk assessments, risk documentation, mitigation tracking, risk register hygiene, owner follow-up, and treatment plan coordination
• Support compliance monitoring and audit readiness activities, including evidence collection, preliminary reviews, control-owner coordination, remediation tracking, and compliance calendar activities
• Analyze intake data, workflow trends, recurring stakeholder questions, and handoff gaps to identify opportunities to improve guidance, templates, reporting, automation, SOPs, and cross-functional ways of working
• Coordinate security awareness and training activities, including completion tracking, evidence collection, employee follow-up, and support for annual or role-based training initiatives
• Help maintain visibility into GRC workload, priorities, ownership, service levels, operational metrics, and recurring process improvement opportunities
• Support continuous improvement across GRC tooling, intake forms, trackers, reporting, control monitoring, workflow design, and responsible automation initiatives

Benefits

• Meaningful equity
• Generous equity package