Senior Governance, Risk & Compliance (GRC) Analyst

Nasuni•Boston, MA

14h•Hybrid

About The Position

Nasuni is seeking a Senior GRC Analyst to strengthen and scale its governance, risk, and compliance programs across a fast-growing, AI-ready SaaS platform. This role involves owning critical audit, risk, and policy initiatives that directly impact customer trust, regulatory posture, and business scalability. The analyst will operate at the intersection of security, engineering, legal, and operations, ensuring controls are effective, auditable, and continuously improving. This position is ideal for someone who has led audit and risk programs end-to-end and is motivated to modernize GRC through automation and intelligent tooling. Nasuni is the unstructured data foundation for enterprise teams and the AI that supports them. As a Vista-backed SaaS data infrastructure company, Nasuni helps organizations manage, protect, and activate massive volumes of file data, transforming it into secure, AI-ready assets for innovation and growth. The unified File Data Platform eliminates infrastructure silos and enables global collaboration, resilience, and intelligent automation at scale. Working at Nasuni means contributing to a platform trusted by enterprises worldwide, solving complex challenges at the intersection of cloud, security, and AI, and growing expertise in modern, AI-enabled data infrastructure.

Requirements

5–9 years in GRC, security compliance, or risk within SaaS/cloud environments
Direct ownership of SOC 2 and/or ISO 27001 audits
Experience managing control frameworks and audit evidence lifecycle
Strong understanding of risk assessment methodologies
Proven ability to drive remediation across cross-functional teams
5–9 years total experience
2+ years directly owning audits or compliance programs
Experience operating in environments with multiple concurrent audits

Nice To Haves

Experience with third-party risk programs
Familiarity with GRC tools (Vanta, Drata, LogicGate, OneTrust)
Experience in high-growth SaaS or PE-backed environments
Certifications: CISA, CISM, CISSP, CRISC, ISO 27001 Lead
Experience scaling GRC programs or implementing automation
Exposure to HIPAA, GDPR, or NIST frameworks

Responsibilities

Lead SOC 1, SOC 2, ISO 27001 audits end-to-end (planning → evidence → remediation)
Partner with auditors and internal teams to ensure timely, accurate audit delivery
Track and drive remediation of control gaps with accountable owners
Own lifecycle of security policies, standards, and control documentation
Align policies to evolving regulatory and business requirements
Facilitate cross-functional policy reviews and approvals
Conduct enterprise risk assessments and maintain risk register
Partner with business leaders to prioritize and mitigate risk
Deliver risk insights and reporting to leadership for decision-making
Own vendor risk assessments, onboarding, and periodic reviews
Build scalable due diligence and monitoring processes
Partner with procurement and legal on vendor risk decisions
Lead security awareness and training programs (phishing, compliance training)
Measure effectiveness and continuously improve engagement
Manage GRC platforms (e.g., Vanta, Drata, OneTrust)
Identify and implement automation opportunities in evidence collection, risk tracking, and reporting
Leverage AI tools to improve control monitoring, audit readiness, and workflow efficiency