Senior GRC Analyst

Flagship Pioneering, Inc., Cambridge, MA
$88,000 - $121,000

About The Position

Flagship Pioneering is a scientific innovation engine that invents and builds companies that change the world. We bring together the greatest scientific minds with entrepreneurial company builders and assemble the capital to allow them to take courageous leaps in human health, sustainability, and beyond. What sets Flagship apart is our ability to advance biotechnology by uniting life science innovation, company creation, and capital investment under one roof in a way that is largely without precedent. Our team of scientists, entrepreneurial leaders, and professional capital managers are each aligned around an institutionalized process that enables us to innovate and create breakthroughs for the benefit of people and planet. Many of the companies Flagship has founded have addressed humanity’s most urgent challenges: vaccinating billions of people against COVID-19, curing intractable diseases, improving human health, preempting illness, and feeding the world by improving the resiliency and sustainability of agriculture. Flagship has been recognized twice on FORTUNE’s “Change the World” list, an annual ranking of companies that have made a positive social and environmental impact through activities that are part of their core business strategies, and has been named four times to Fast Company’s annual list of the World’s Most Innovative Companies.

About the Role

Flagship's GRC program has matured from build to operate. We have a functioning GRC system of record in Jira, active compliance tracks across HITRUST, NIST 800-171, ISO 27001, and SOC 2, and a TPRM workflow in production. What we need now is a hands-on practitioner who can execute against that infrastructure — someone who is as comfortable running a vendor risk assessment in Jira as they are prepping evidence packages for an audit. This is not a policy-writing or director-level role. It is a technical execution role for someone who gets things done.

Requirements

  • 3–6 years of hands-on GRC experience, ideally in a fast-moving tech or life sciences environment
  • Direct experience working in Jira as a compliance or GRC tool — not just a project management tool; you should understand issue types, custom fields, bulk operations, and reporting
  • Working knowledge of at least two of: HITRUST CSF, ISO 27001, NIST 800-171/CMMC, SOC 2, HIPAA
  • Experience running vendor risk assessments — intake to decision — not just filling out questionnaires
  • Comfort with AI-assisted work: you should already be using tools like Claude or ChatGPT to accelerate your GRC work, not learning to do so for the first time
  • Strong written communication — you'll be producing evidence narratives, audit responses, and control documentation that external auditors and regulators will read
  • Ability to operate with high autonomy; the CISO will provide direction but not day-to-day supervision

Nice To Haves

  • CISA, CRISC, CISM, or equivalent certification
  • Experience with privacy program operations (CCPA, GDPR, DSR workflows)
  • Familiarity with Drata, Vanta, or similar compliance automation platforms
  • Experience supporting a portfolio company or multi-entity compliance program

Responsibilities

  • Own day-to-day execution of the GRC system of record in Jira — maintaining control records, updating compliance status, logging implementation and auditor notes, and keeping the SOR current across all active frameworks
  • Run TPRM assessments end-to-end: intake, questionnaire review, risk scoring, CISO decision documentation, and post-approval tracking
  • Coordinate audit evidence collection and control testing activities across HITRUST, ISO 27001, SOC 2, and NIST 800-171 frameworks, working directly with the external audit firm
  • Maintain the compliance calendar and drive sprint-by-sprint execution against framework deadlines
  • Manage sub-processor and DPA tracking for portfolio company privacy programs, including gap identification and remediation follow-up
  • Support DSR and privacy program operations, including data inventory maintenance and deletion workflow tracking
  • Build and maintain GRC automation using AI tools (Claude, Jira automation, Zapier) to reduce manual burden on recurring compliance tasks
  • Produce clear, accurate reporting on compliance posture for the CISO and cross-functional stakeholders

Benefits

  • Flagship Pioneering currently offers healthcare coverage, annual incentive program, retirement benefits and a broad range of other benefits.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

501-1,000 employees

© 2024 Teal Labs, Inc