GRC (Governance, Risk, and Compliance) Analyst - Remote

Overview

The Security team is seeking a GRC Analyst to strengthen and evolve our security, compliance, and risk management program with a strong emphasis on SOC 2 readiness, security compliance with laws and regulations, vendor risk management, and security questionnaires.

In Short

• Support execution of SOC 2 program and manage evidence collection.
• Conduct vendor security reviews and respond to client security questionnaires.
• Collaborate with internal teams, auditors, and external partners.
• Maintain and update security policies and documentation.
• Own the third-party risk management process.
• Ensure compliance requirements are tracked and managed.
• Document risks and remediation plans.
• Manage compliance evidence repositories.
• Communicate security topics clearly to stakeholders.
• Support risk assessments across teams and projects.

Requirements

• 2–4 years of experience in GRC, security compliance, or audit roles.
• Direct experience with SOC 2 programs and vendor risk management.
• Understanding of frameworks like NIST CSF and ISO 27001.
• Detail-oriented with strong organizational skills.
• Ability to manage multiple projects and meet deadlines.
• Clear communication skills for technical and non-technical topics.
• Relevant certifications (CISA, CISSP, etc.) are valued.
• Bachelor’s degree in Information Security or related field.

Benefits

• Flexible work hours and vacation.
• Generous 401K match.
• Parental leave and wellness budget.
• Growth based on impact, not tenure.
• Culture built on ownership and collaboration.