Serve as a staff-level, cross-trained GRC expert across Compliance, Audit, and Risk, partnering with teams to strengthen trust and resilience across the business
Perform control mapping, gap analysis, and remediation tracking across multiple frameworks to proactively reduce audit risk
Partner with engineering, IT, and security teams to translate regulatory requirements into actionable, testable technical controls
Identify and operationalize improvements to the control framework to align with evolving regulatory demands (e.g., NIS2)
Reduce manual audit friction by driving process improvement and leveraging automation (dashboards, workflows, tooling integrations)
Requirements
Hands-on experience operating within complex cloud or SaaS control environments across major frameworks (NIST 800-53, ISO 27001, PCI-DSS, HIPAA), including practical control testing
Demonstrated ability to independently map regulatory requirements to technical control execution and identify material gaps using sound risk judgment
Experience managing audit evidence collection and remediation tracking during live audit cycles
Strong verbal and written communication skills, with proven ability to engage technical stakeholders effectively
Process improvement and automation mindset, with experience leveraging GRC tooling (e.g., Thoropass, AuditBoard, or similar platforms) to improve audit efficiency
Tech Stack
Cloud
Benefits
Comprehensive health benefits, life and disability insurance, and fertility and family-forming support programs
Generous paid time off, paid holidays, volunteer time off, and quarterly self-care days and no-meeting days
Tuition and reading reimbursement programs to support your continuous learning and professional growth
Thrive Global Wellness Program, confidential Employee Assistance Program (EAP), as well as One to One Wellness Coaching
Employee programs—including Employee Resource Groups (ERGs), GoTo Gives, and our charitable matching program—to amplify your connection and impact