GRC Analyst

About The Position

Requirements

• Bachelor’s or Graduate degree in Cybersecurity, Information Systems, or a related field, or relevant job experience.
• 1-3 years of relevant experience (cybersecurity, audit, risk, compliance, GRC).
• Solid understanding of fundamental security and IT concepts (access controls, data retention, change management, etc.).
• Familiarity with major security and privacy frameworks (ISO, NIST, SOC 2, HIPAA, etc.).
• Strong critical thinking, organization, and communication skills.
• Ability to balance multiple projects and deadlines with exceptional follow-through.
• Technical aptitude — you’re curious, you learn fast, and you don't shy away from new tools.
• A passion for cybersecurity and a commitment to helping companies build safer, stronger environments.
• Strong understanding of global data protection laws and regulations (e.g., GDPR, CCPA) and their technical implications.
• Strong analytical, problem-solving, and communication skills, with the ability to work effectively across cross-functional teams.

Nice To Haves

• Industry certifications (e.g., CISSP, CISA, CISM) are a plus.

Responsibilities

• Assist in identifying, assessing, and tracking risks across IT and enterprise functions.
• Maintain risk register in GRC and CRQ tools, ensuring business understanding of all existing risks.
• Perform threat modeling across different business applications.
• Support maintenance of the enterprise risk register and dashboards used by leadership.
• Help draft, organize, and maintain policies, standards, and procedures.
• Analyze, recommend, and implement security best practices.
• Support compliance awareness campaigns and training that promote a culture of risk accountability.
• Learn and assist in mapping controls to frameworks such as SOC2, NIST CSF, COBIT, ISO 27001, GDPR, CCPA, and ISO 42001.
• Crosswalk and harmonize controls across multiple compliance frameworks.
• Support tracking and validation of control effectiveness through GRC tools or reports.
• Partner with security leadership to prepare reports, metrics, and presentations for management.
• Contribute to meetings with stakeholders across Legal, Finance, IT, and Operations.
• Work with sales teams to respond to customer questionnaires for RL Security.
• Responsible for reviewing vendor risk profiles and approving vendors for use at RocketLawyer.
• Provide day-to-day administrative and research assistance to the security team.
• Demonstrate initiative, curiosity, and a commitment to learning risk and compliance fundamentals.
• While GRC is the primary focus of this role, Rocket Lawyer’s security team must be nimble and cross-trained across multiple disciplines.
• You will likely be asked to learn tools that are not focused on GRC to provide backup if other team members are not around, or to just expand your knowledge and provide additional coverage.
• All team members are expected to join team calls and contribute to the team’s overall success, regardless of whether a given topic is specific to their titled role.

Benefits

• Comprehensive health plans (including Medical, Dental, and Vision insurance for full-time employees)
• Unlimited PTO
• Competitive salary packages
• Life insurance
• Disability benefits
• Supplemental Optional Life Insurance Benefits
• FSA Options Optional
• HSA with Company Match
• 401k program with Company Match
• Wellhub & ClassPass fitness platforms
• Comprehensive Pet Insurance options
• Financial Wellbeing & Student Loan Program access
• Access to additional Mental Health & Wellbeing resources
• Pre-tax Commuter/Transit Benefits
• Free Rocket Lawyer account with online access to an extensive legal documents library and brilliant licensed attorneys at discounted rates.