Senior GRC Analyst

📋 Description

• Own security/compliance program; maintain SOC 2 Type II and ISO 27001.
• Lead certifications: gap assessments, policy updates, and required docs.
• Administer GRC platform (Vanta): control mapping, evidence workflows.
• Lead security working group; drive risk remediation and reporting.
• Coordinate penetration testing with engineering; close findings.
• Create security policies aligned with GDPR, PCI DSS, and other regs.

🎯 Requirements

• 5+ years in security/compliance/GRC with direct SOC 2 Type II and ISO 27001 ownership.
• Hands-on with Vanta or similar GRC; automating compliance workflows.
• Technical fluency to read pen tests and discuss controls with engineers.
• Familiarity with PCI DSS and GDPR; self-attestation or certification preferred.
• Experience supporting enterprise sales cycles with security questionnaires.
• Excellent communicator; briefing leadership and engineers.

🎁 Benefits

• Equity at an early-stage startup
• Premium health insurance (medical, dental, vision)
• Unlimited PTO with a 3-week minimum
• Upward Mobility and career growth
• Learning & Development stipend
• 401k plan, parental leave, and fertility/adoption benefits