Senior GRC Analyst
About The Position
We’re seeking a GRC Analyst to support the day-to-day execution of our Governance, Risk, and Compliance program. Reporting to the Head of GRC, this role focuses on operational compliance activities; including user access reviews, evidence collection, customer trust support, and vendor risk management. You’ll play a key role in maintaining our continuous compliance posture by supporting audits, updating policies, responding to customer security inquiries, and helping improve processes within our GRC platform. The ideal candidate is detail-oriented, organized, and proactive, with a strong interest in improving efficiency through automation and AI tools.
Requirements
- 5-7 years of experience in GRC, information security, IT audit, or a related compliance role
- Foundational knowledge of compliance frameworks such as SOC 2, ISO 27001, HIPAA, or NIST CSF
- Experience working with GRC platforms (Vanta preferred; Drata, AuditBoard, or similar tools also valued)
- Hands-on experience performing user access reviews, vendor risk assessments, or audit support activities
- Familiarity with customer security questionnaires and customer trust processes
- Comfort using AI tools (e.g., Gemini, Claude, Copilot) to improve efficiency in day-to-day work
Nice To Haves
- Certifications such as Security+, CISA (in progress), or ISO 27001 foundations
- Exposure to cloud environments (GCP preferred; AWS/Azure helpful)
- Experience with policy management or security awareness training tools
- Interest in AI governance, risk, or emerging compliance frameworks
Responsibilities
- Supporting User Access Reviews (UARs) across systems and applications on a recurring schedule
- Monitoring completion of security awareness training and following up with teams as needed
- Assisting in maintaining and updating organizational security policies and standards
- Supporting third-party security assessments and vendor risk management processes
- Collecting, organizing, and preparing audit evidence for SOC 2, ISO 27001, HIPAA, and other frameworks
- Partnering with internal teams to ensure evidence is accurate, current, and audit-ready
- Responding to customer security questionnaires and due diligence requests with guidance from senior team members
- Maintaining and updating audit and compliance documentation
- Supporting updates and improvements within the GRC platform, including control tracking and workflows
- Identifying opportunities to streamline and improve GRC processes
- Leveraging AI tools to streamline GRC activities, including drafting responses, summarizing evidence, and enhancing program documentation
- Tracking compliance tasks and supporting reporting on control health and program status
Benefits
- Competitive compensation and equity packages
- Restricted Stock Units
- Paid time off, paid holidays & leave of absence programs
- Comprehensive health, dental & vision insurance
- Employer contributions to HSA account
- Paid parental leave
- Paid life insurance, short-term and long-term disability
- Professional development & tuition reimbursement
- Mental health & wellness support
- Commuter benefits (parking & transit)
- Cell phone stipend
- 401(k) Retirement plan with company match up to 4% of salary
- Volunteer time off
- Global travel insurance & emergency assistance
- Daily meals allowance
- Additional perks & programs specific to location
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
251-500 employees
