Senior Analyst – Governance, Risk, Compliance

Job Description: • Lead and support Governance, Risk, and Compliance (GRC) initiatives, including policy development, control assessments, and audit readiness. • Own and manage responses to customer and vendor security questionnaires, ensuring timely, accurate, and consistent communication. • Collaborate with cross-functional teams (Security, Finance, Engineering, Product, and Sales) to maintain compliance with frameworks such as SOC 2, ISO 27001, and GDPR. • Support third-party risk management activities, including vendor assessments and remediation tracking. • Monitor regulatory and compliance developments to ensure internal policies and controls remain current. • Assist in preparing evidence for internal and external audits and certifications. • Contribute to security awareness and training programs. • Manage GRC operations, maintaining policies, procedures, and evidence in Vanta to ensure continuous compliance with frameworks. • Review and update security controls in Vanta, ensuring all systems and integrations remain connected and compliant. • Monitor compliance tasks and remediation tickets in Vanta, following up with internal stakeholders to ensure timely completion. • Respond to customer and vendor security questionnaires, collaborating with Product, Engineering, and Legal teams for accurate and efficient responses. • Prepare and organize audit evidence for compliance and privacy, ensuring readiness for internal and external audits. • Conduct regular risk assessments, document findings, and track mitigation efforts. • Support third-party risk management – perform vendor reviews/assessments, track projects, and follow up on remediation actions. • Monitor regulatory updates and recommend changes to internal policies or controls as needed. • Assist with security awareness training and ongoing employee compliance efforts. Requirements: • Bachelor’s degree in Information Security, Computer Science, Business, or a related field (Master’s degree a plus). • 5+ years of experience in information security, risk management, or compliance. • Prior experience in a Big Four consulting firm or similar professional services environment preferred. • Strong understanding of security frameworks (SOC 2, ISO 27001, NIST, GDPR, etc.). • Excellent written and verbal communication skills — especially in translating technical details into clear, business-focused language. • Demonstrated experience responding to security questionnaires and due diligence requests. • Highly organized, detail-oriented, and able to manage multiple priorities in a remote environment. Benefits: • Diversity, Equity, and Inclusion • Inclusive workplace and community Apply tot his job