Senior Information Security GRC Analyst
New
Fully remote work environment within the United States.Full-TimeSenior
Salary155,000 - 165,000 USD per year
Apply NowOpens the employer's application page
Job Details
- Experience
- 5–7 years
Requirements
- 5–7 years of experience in information security, governance, risk, and compliance roles.
- 3+ years of hands-on experience leading or supporting audits such as SOC 2, PCI DSS, or ISO 27001.
- Strong knowledge of regulatory and security frameworks including NIST CSF, SOC 2, ISO 27001, PCI DSS, and CCPA.
- Experience working with GRC platforms such as Drata, AuditBoard, HyperProof, or OneTrust.
- Proven ability to manage documentation, control frameworks, and compliance reporting.
- Excellent communication skills with the ability to present complex topics to technical teams and leadership.
- Strong organizational, project management, and process improvement capabilities.
- Familiarity with vendor risk management and third-party security assessments.
- Certifications such as CISA, CISM, or progress toward relevant certifications.
Responsibilities
- Manage and maintain the organization’s Information Security GRC program.
- Perform control mapping and gap analyses to align internal controls with frameworks such as SOC 2, ISO 27001, PCI DSS, NIST CSF, and CCPA.
- Lead audit preparation and execution, including SOC 2, PCI, and ISO 27001 assessments.
- Oversee and optimize the GRC platform (e.g., Drata).
- Manage third-party vendor risk processes, including onboarding, due diligence, and risk evaluation.
- Collaborate with internal stakeholders across Security, Engineering, Legal, and Procurement teams.
- Develop and maintain security policies, standards, documentation, and training programs.
- Support continuous improvement initiatives, including automation opportunities.
View Full Description & ApplyYou'll be redirected to the employer's site
