Own and scale the commercial attestation program and audits (e.g., SOC 2, ISO 27001, PCI DSS) while maintaining alignment with business objectives and market demand.
Design and strengthen continuous monitoring processes to improve control effectiveness and mature control implementation from audit-ready to always-ready.
Drive evolution of security and compliance control frameworks that set the direction for proactive risk management.
Partner with cross-functional stakeholders, acting as a strategic connector to plan, implement, maintain and remediate control activities and their supporting requirements (e.g., policies, standards, processes, system configurations).
Champion a culture of compliance accountability and business enablement across the organization through autonomous program governance and reporting and by building trusted relationships.
Requirements
Experience managing and running audits, certification programs and enterprise control assessments, including scope planning, requirements definition, policy and standards development, and control testing.
Deep knowledge of audit processes, evidence requirements, and remediation lifecycle management for security and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS).
Proven experience owning large-scale GRC programs, collaborating with technical and non-technical teams, and driving initiatives to completion.
Benefits
Competitive compensation package, including equity.
Inclusive Healthcare Package.
Learn and Grow: we provide mentorship and send you to events that help you build your network and skills.
Flexible Time Off.
We will provide the gear you need to do your role, and a WFH budget to outfit your workspace as needed.