
Senior GRC Analyst
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Oversee and enhance information security policies, standards, procedures, control documentation, and associated governance materials.
• Assist in aligning policies and controls with frameworks such as SOC 2, ISO 27001/27002, HITRUST, NIST CSF 2.0, and various customer, regulatory, or security requirements.
• Facilitate policy exceptions, risk acceptances, remediation tracking, control owner follow-ups, and ongoing governance workflows.
• Aid in SOC 2, ISO 27001, and HITRUST readiness, audit preparation, evidence collection, auditor coordination, and management of audit responses.
• Sustain ongoing evidence-gathering and control testing workflows, ensuring that controls function consistently throughout the organization.
• Monitor audit findings, control deficiencies, remediation strategies, ownership, due dates, and closure documentation.
• Assist with risk assessments, control gap evaluations, internal reviews, and upkeep of the risk register.
• Convert technical and security risks into understandable business language, including mitigations, ownership, timelines, and residual risks.
• Manage or assist with customer security questionnaires, RFP security sections, due diligence requests, and trust or compliance documentation.
• Keep reusable questionnaire content, approved responses, compliance artifacts, and customer-facing assurance materials up to date.
• Promote employee security awareness initiatives and develop clear internal guidelines for policies, controls, and compliance responsibilities.
• Assist in vendor security reviews, third-party risk assessments, remediation tracking, risk acceptance documentation, and vendor compliance verification.
• Utilize GRC platforms such as Vanta, Drata, Thoropass, Secureframe, or similar tools to enhance evidence collection, control monitoring, task tracking, reporting, and efficient compliance operations.
• A minimum of 5 years of experience in GRC, information security compliance, IT audit, risk management, security assurance, or a related field.
• Practical experience supporting SOC 2 audits and readiness initiatives.
• Proficient knowledge of ISO 27001/27002, HITRUST, NIST CSF, or comparable security and compliance frameworks.
• Experience in maintaining security policies, controls, control narratives, evidence repositories, and audit documentation.
• Background in supporting internal or external audits, including evidence collection, auditor coordination, control owner follow-up, and remediation tracking.
• Exceptional written communication skills, capable of producing clear policies, questionnaire responses, process documentation, and updates for stakeholders.
• Strong attention to detail and project management skills.
• Experience addressing customer security questionnaires, RFP security sections, or due diligence requests.
• Familiarity with GRC, compliance automation, or audit management platforms.
• Background in SaaS, fintech, benefits, healthcare, or other regulated sectors.
• Ability to thrive in a startup or fast-paced environment, ensuring processes are sufficiently mature to scale without unnecessary friction.
• Capacity to collaborate with both technical and non-technical teams and clearly communicate security and compliance expectations.
• 95% coverage of medical, dental, and vision expenses.
• One-time $250 work-from-home setup allowance.
• Annual $500 Learning & Development Benefit.
• Monthly allowance of $150 for cell phone and internet.
• Monthly wellness benefit of $100.
• Monthly $100 benefit for co-working and commuting.
• Flexible Paid Time Off (PTO).