Junior Governance, Risk, and Compliance (GRC) Associate

TAXWELL•Haverford, PA

14d

About The Position

Taxwell helps everyday Americans get every tax advantage they deserve by finding credits and deductions they never even knew existed. Our tax preparation software offers easy guidance and ensures your maximum tax refund. We strive to build a team of like-minded experts in both tax and technology who align with our brand purpose, are advocates for our customers and have a fresh, non-traditional approach to the tax industry. Taxwell is a leading digital tax filing platform formed in 2022 from the combination of Drake Software® and TaxAct®. These two longstanding organizations offer customers professional and do-it-yourself digital and downloadable products that are easy-to-use, best-in-class technology, and provide unparalleled customer support. Taxwell brands are a trusted solution for all users including those with complex tax returns. We strive to attract and retain candidates who exemplify our values: performance, perseverance, progress and partnership. Taxwell is an organization of forward thinkers looking to add industry experts to our growing team. We are seeking a motivated and detail-oriented Junior Governance, Risk, and Compliance (GRC) Associate to support our Information Security and Privacy programs. This role is ideal for individuals looking to build a strong foundation in compliance operations and data privacy management. The Junior GRC Associate will assist with hands-on, process-driven activities related to vendor risk assessments, Data Subject Access Requests (DSARs), and cookie compliance testing.

Requirements

Bachelor’s degree in Information Security, Computer Science, Business, or a related field (or equivalent experience).
0–2 years of experience in a GRC, compliance, or security operations environment (internships welcome).
Strong attention to detail and ability to follow structured workflows.
Excellent written and verbal communication skills.
Ability to collaborate effectively with IT, Legal, and Security teams.

Nice To Haves

Familiarity with data privacy concepts (e.g., GDPR, CCPA) preferred.

Responsibilities

Vendor Risk Reviews Assist with manual reviews of third-party vendors to evaluate security and compliance posture.
Collect and validate vendor documentation (e.g., SOC reports, ISO certifications, security questionnaires).
Maintain and update vendor records within GRC platforms.
Data Subject Access Requests (DSAR) Support the intake and processing of DSARs in accordance with privacy regulations (e.g., GDPR, CCPA).
Coordinate with internal stakeholders to gather necessary data and ensure timely, accurate responses.
Maintain documentation and workflows to support audit readiness.
Cookie & Website Compliance Testing Perform manual cookie scans and verify compliance against privacy requirements.
Record findings and escalate potential issues or misconfigurations.
Partner with privacy and web teams to ensure cookies are properly categorized and disclosed.
General GRC Support Assist with maintaining internal compliance documentation, tracking control evidence, and supporting audits.
Contribute to improvements in GRC processes, workflows, and tools.
Support additional compliance or risk initiatives as needed.