Security Compliance Analyst, GRC

Role Overview

• Support and maintain security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA
• Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks)
• Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures
• Coordinate and support internal and external audits (e.g., SOX, PCI DSS, SOC 2, ISO, HIPAA)
• Track and manage remediation efforts for identified risks, control gaps, and audit findings
• Support third-party risk management processes, including vendor assessments for AI/ML and data processing providers
• Partner with engineering, data, and AI/ML teams to ensure secure and compliant system and model lifecycle practices
• Maintain and improve GRC tooling (e.g., AuditBoard, Vanta, or similar platforms)
• Monitor regulatory and framework changes (U.S. and international), including emerging AI governance requirements
• Develop and maintain risk registers, control matrices, and compliance documentation
• Conduct risk assessments, including technology, security, privacy, and AI/ML model risk evaluations
• Assist with security, privacy, and responsible AI awareness and training initiatives
• Provide reporting and metrics on risk posture, compliance status, and AI governance maturity

Requirements

• Bachelor’s degree in Cybersecurity, Information Security, Information Technology/Systems, or related field
• 3–5 years of experience in GRC, security compliance, risk management, audit, or related field
• Experience supporting audits and compliance assessments
• Experience with third-party/vendor risk management
• Familiarity with data governance principles (classification, retention, lineage)
• Thorough understanding of risk management methodologies and control frameworks
• Strong communication, documentation, organizational, and analytical skills
• Ability to communicate security, privacy, and AI risk concepts to technical and non-technical stakeholders
• Working knowledge of core frameworks: NIST CSF, PCI DSS, HIPAA, ISO 27001/27002, and global privacy regulations (GDPR, CCPA)
• Foundational understanding of AI/ML systems and associated governance, risk, and compliance considerations (NIST AI RMF, ISO 42001)
• Familiarity with cloud environments (AWS primary, Google Workspace/MS Azure preferred) and modern SaaS architectures
• Experience with GRC tools (AuditBoard, Vanta, Drata, Archer, ServiceNow GRC, or similar) and ticketing/workflow/documentation tools (Jira, Freshservice, Confluence, GitHub, etc.)

Tech Stack

• AWS
• Azure
• Cloud
• Cyber Security
• ServiceNow

Benefits

• Competitive salary & equity compensation for full-time roles
• Unlimited PTO, company holidays, and quarterly mental health days
• Comprehensive health benefits including medical, dental & vision, and parental leave
• Employee Stock Purchase Program (ESPP)
• 401k benefits with employer matching contribution
• Offsite team retreats