Security GRC Analyst

Salesforce, San Francisco, CA

About The Position

The Security GRC (Governance, Risk, and Compliance) Analyst role is part of our Security and Compliance team, sitting at the intersection of internal operations and external audit relationships. We are looking for a detail-oriented GRC Analyst to lead our Unified Audit program — keeping us compliant, audit-ready, and continuously improving across multiple frameworks. As a key partner to control owners and external auditors alike, you will help ensure our compliance programs run smoothly and that our certifications stay strong.

Requirements

  • 2–4 years of experience in GRC, compliance, audit, or information security, with hands-on experience supporting or managing compliance audits.
  • Working knowledge of at least two of the following: SOC 2, HIPAA, ISO 27001, or GxP frameworks.
  • Proficient with GRC tools, audit management platforms, and documentation systems (Microsoft Office Suite or Google Workspace).
  • Able to communicate clearly with both technical and non-technical stakeholders and to thrive while managing multiple concurrent deadlines.

Nice To Haves

  • One or more relevant certifications such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional), or ISO 27001 Lead Auditor/Implementer.
  • Experience with unified or integrated audit programs, or a background in healthcare or life sciences.
  • Hands-on experience with GRC platforms such as Drata, Vanta, OneTrust, or ServiceNow GRC.
  • Experience working directly with external audit firms in a compliance or security capacity.

Responsibilities

  • Lead the end-to-end Unified Audit program across SOC 2 (Service Organization Control 2), HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization) 27001, and GxP (Good Practice) frameworks, coordinating schedules and minimizing duplication across certifications.
  • Manage internal evidence collection by assigning tasks to control owners, tracking deadlines, validating submissions, and conducting pre-audit gap reviews.
  • Serve as the primary liaison with external auditors — scheduling walkthroughs, responding to information requests, and coordinating responses to findings.
  • Maintain compliance dashboards, standard operating procedures, and documentation repositories to support continuous monitoring and audit readiness.

Benefits

  • time off programs
  • medical
  • dental
  • vision
  • mental health support
  • paid parental leave
  • life and disability insurance
  • 401(k)
  • employee stock purchasing program