Remotery

Senior GRC Analyst

at Docker, Inc · Canada · Full-time · Compliance · Senior · €72k – €121k/year

Posted May 12

This is a fully remote position, open to applicants in Canada.

📋 Description

• Take ownership of the compliance program roadmap, ensuring alignment of framework requirements (SOC 2, ISO 27001, ISO 27701, ISO 42001) with business goals and product strategy.

• Lead compliance initiatives across departments including Engineering, Product, Legal, and IT, acting as the primary authority on governance and risk issues.

• Develop and maintain Docker’s comprehensive control framework, including cross-mapping to NIST 800-53 and identifying control deficiencies across various standards.

• Plan and conduct internal audits from start to finish: defining scope, gathering evidence, testing controls, managing findings, and coordinating with external auditors.

• Provide guidance to GRC Engineering on appropriate integrations for configuring automated monitoring controls.

• Conduct and lead risk assessments across systems, processes, third-party tools, and cloud setups, converting findings into actionable risk treatment strategies.

• Oversee the vendor risk management program, assessing third-party vendors against compliance and security standards while facilitating the remediation of identified deficiencies.

• Create, review, and update corporate security policies, aligning them with relevant control standards to ensure consistency across frameworks.

• Set and report on compliance metrics and KPIs, delivering data-driven insights into the program's maturity to leadership.

• Stay informed about evolving regulatory and industry standards (e.g., ISO 27xxx, SOC 2, GDPR, AI governance regulations) and proactively evaluate their impact on Docker’s compliance stance.


⛳️ Requirements

• 4 to 6 years of experience in Information Security, Governance, Risk, and Compliance.

• Proven experience in establishing or managing an enterprise risk management program, including conducting risk assessments, maintaining risk registers, and planning risk treatments.

• Experience in third-party risk management, encompassing vendor security evaluations and due diligence processes.

• Knowledge of security frameworks and standards such as ISO 27001, SOC 2, NIST 800-53, and GDPR.

• Understanding of AI governance concepts and emerging frameworks (ISO 42001, NIST AI RMF) or a proven ability to quickly learn and implement new frameworks.

• Experience in designing metrics and reporting for GRC programs, including dashboards and executive summaries.

• Familiarity with cloud platforms (AWS, GCP, Azure) and their associated risk and compliance considerations.

• Excellent written and verbal communication skills, with the capability to explain risk and compliance topics to both technical and non-technical audiences.

• A history of building and enhancing GRC programs from the ground up, including defining processes, creating documentation, and operationalizing workflows.

• Self-driven with a proven ability to thrive in remote-first, dynamic environments.

• Nice to Have: Relevant industry certifications such as CRISC, CISA, CISSP, or CCSK.

• Nice to Have: Experience with GRC platforms (Anecdotes, ServiceNow GRC, OneTrust, or similar).

• Nice to Have: Experience with automation or scripting for risk management processes.


🏝️ Benefits

• Freedom & flexibility; tailor your work to fit your life.

• Designated quarterly Whaleness Days plus an end-of-year Whaleness break.

• Home office setup; we prioritize your comfort while you work.

• 16 weeks of paid parental leave (after 6 months of employment).

• Technology stipend of $100 USD net per month.

• PTO plan that encourages you to take time for activities you enjoy.

• Training stipend for conferences, courses, and classes.

• Equity; as a growing start-up, we want all employees to share in our success.

• Docker Swag.

• Medical benefits, retirement, and holiday policies vary by country.

• Remote-first culture, with offices located in Seattle and Paris.
