Senior GRC Analyst

About The Position

Requirements

• 3–6 years of hands-on GRC experience, ideally in a fast-moving tech or life sciences environment
• Direct experience working in Jira as a compliance or GRC tool — not just a project management tool; you should understand issue types, custom fields, bulk operations, and reporting
• Working knowledge of at least two of: HITRUST CSF, ISO 27001, NIST 800-171/CMMC, SOC 2, HIPAA
• Experience running vendor risk assessments — intake to decision — not just filling out questionnaires
• Comfort with AI-assisted work: you should already be using tools like Claude or ChatGPT to accelerate your GRC work, not learning to do so for the first time
• Strong written communication — you'll be producing evidence narratives, audit responses, and control documentation that external auditors and regulators will read
• Ability to operate with high autonomy; the CISO will provide direction but not day-to-day supervision

Nice To Haves

• CISA, CRISC, CISM, or equivalent certification
• Experience with privacy program operations (CCPA, GDPR, DSR workflows)
• Familiarity with Drata, Vanta, or similar compliance automation platforms
• Experience supporting a portfolio company or multi-entity compliance program

Responsibilities

• Own day-to-day execution of the GRC system of record in Jira — maintaining control records, updating compliance status, logging implementation and auditor notes, and keeping the SOR current across all active frameworks
• Run TPRM assessments end-to-end: intake, questionnaire review, risk scoring, CISO decision documentation, and post-approval tracking
• Coordinate audit evidence collection and control testing activities across HITRUST, ISO 27001, SOC 2, and NIST 800-171 frameworks, working directly with the external audit firm
• Maintain the compliance calendar and drive sprint-by-sprint execution against framework deadlines
• Manage sub-processor and DPA tracking for portfolio company privacy programs, including gap identification and remediation follow-up
• Support DSR and privacy program operations, including data inventory maintenance and deletion workflow tracking
• Build and maintain GRC automation using AI tools (Claude, Jira automation, Zapier) to reduce manual burden on recurring compliance tasks
• Produce clear, accurate reporting on compliance posture for the CISO and cross-functional stakeholders

Benefits

• Flagship Pioneering currently offers healthcare coverage, annual incentive program, retirement benefits and a broad range of other benefits.