GRC Analyst

FluidstackNew York, NY
$200,000 - $270,000

About The Position

Fluidstack is seeking a GRC Analyst to join their Security Team. This role is crucial in securing the frontier of AI by building and managing the entire security program from scratch. The GRC Analyst will be responsible for the day-to-day compliance program across multiple frameworks, owning the policy and procedure set, running recurring control operations, driving audit cycles, and scaling the compliance program to new sites and teams. The company emphasizes extreme ownership, velocity, first principles, and a passion for the AI problem space, operating at civilization-scale infrastructure for AI.

Requirements

  • Operated controls and pulled evidence against at least one major framework (SOC 2, ISO 27001, NIST 800-53, or FedRAMP) through a real audit, not just read the policy.
  • Owned a compliance documentation set, policies, procedures, and control narratives, and kept it current as the environment changed underneath you.
  • Sat across from an auditor or assessor, defended how a control runs in practice, and closed findings without escalating every question upward.
  • Get evidence and adherence out of busy engineers, system owners, and employees across the org, on time, without a manager pushing you to do it.
  • Catch a stale control, an expired access grant, or a coverage gap before an assessor does, because you watch the portfolio continuously, not once a quarter.
  • Translate a control requirement into the exact artifact that proves it, and keep that mapping tight across overlapping frameworks instead of collecting the same evidence twice.

Nice To Haves

  • FedRAMP Moderate equivalency or NIST 800-53 evidence work.
  • GRC platforms (Vanta) or comparable continuous-compliance tooling.
  • Cloud, GPU, or data center environments.
  • Mapping controls across SOC 2, ISO 27001, and NIST in parallel.

Responsibilities

  • Run the day-to-day compliance program end to end across SOC 2 Type II, ISO 27001, NIST 800-53, and FedRAMP Moderate equivalency: continuous evidence collection, control monitoring, and audit readiness held on GRC platforms (Vanta) and the tooling we build in-house.
  • Own the policy and procedure set: draft, maintain, and run the review cycle so documentation keeps pace with the controls as the program grows.
  • Run recurring control operations on cadence, access reviews, control owner attestations, and evidence refreshes, chasing system owners and employees across the org directly to get them done on time.
  • Drive audit and assessment cycles with external auditors and assessors and manage the POA&M to closure, tracking each finding to a named owner and milestone so nothing ages past its deadline.
  • Bring each new site and team into the compliance program as we scale, mapping their systems to existing controls so coverage stays consistent instead of fragmenting facility by facility.

Benefits

  • Competitive total compensation package (salary + equity).
  • Retirement or pension plan, in line with local norms.
  • Health, dental, and vision insurance.
  • Generous PTO policy, in line with local norms.
  • Stock options.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service