The GRC Analyst is a key member of BambooHR’s GRC team responsible for evaluating and supporting compliance initiatives covering information security, policy, risk management, data classification, vendor management, privacy, audit, and awareness. This position assists other members of the GRC team with implementing information security policies and documentation, assessing compliance with existing policies, and ensuring overall compliance with security-related requirements from customers. In addition, this position assists with performing security assessments and monitoring and tracking compliance status; developing and improving processes, procedures, standards, and guidance; providing guidance on security control implementation; and implementing process improvement and maturity initiatives. The position will also assist in evaluating risks and controls to support the company’s NIST CSF, ISO 27001, ISO 27018, ISO 42001, SOC 1, SOC 2, HITRUST, FedRAMP, and other regulatory and compliance initiatives. Success in this role requires a good understanding of information security best practices, strong security knowledge, the ability to understand and communicate risk and controls, organization and planning skills, and good communication and writing skills.