Company hidden
4 hours ago

Staff GRC Analyst

180 000 - 270 000$
Work format: remote (USA only)/hybrid
Employment type: fulltime
Grade: lead
English: b2
Country: UK/US/Germany

Job description

TL;DR

Staff GRC Analyst: Enhancing the global compliance posture and managing enterprise risk, with an emphasis on commercial attestation programs and continuous monitoring processes. Focus on driving security and compliance control frameworks and championing a culture of compliance accountability across the organization.

Location: If you’re based within a pre-determined commuting distance of one of our offices (SF, NY, London, or Berlin), the role includes in-office anchor days on Monday, Tuesday, and Friday, even if the role is listed as remote.

Salary: $180,000.00 - $270,000.00 (San Francisco, CA base pay range)

Company

hirify.global gives developers the tools and cloud infrastructure to build, scale, and secure a faster, more personalized web.

What you will do

  • Own and scale the commercial attestation program and audits (e.g., SOC 2, ISO 27001, PCI DSS) while maintaining alignment with business objectives and market demand.
  • Design and strengthen continuous monitoring processes to improve control effectiveness and mature control implementation from audit-ready to always-ready.
  • Drive evolution of security and compliance control frameworks that set the direction for proactive risk management.
  • Partner with cross-functional stakeholders to plan, implement, maintain & remediate control activities and supporting requirements.
  • Champion a culture of compliance accountability and business-enablement across the organization through autonomous program governance and reporting and building trusted relationships.

Requirements

  • Experience managing and running audits, certification programs and enterprise control assessments, including scope planning, defining requirements, policy and standards development, and control testing
  • Deep knowledge of audit processes, evidence requirements, and remediation lifecycle management for security and compliance frameworks (i.e., SOC 2, ISO 27001, PCI DSS)
  • Proven experience owning large-scale GRC programs, collaborating with technical and non-technical teams and driving initiatives to completion

Nice to have

  • Familiarity with data governance, compliance or software development tools and systems (e.g., Drata, Linear, GitHub)
  • Experience supporting cloud, AI-native, and open source development environments and systems
  • Experience with FedRAMP or NIST frameworks, such as 800-53, AI RMF
  • Security certifications (e.g. CISA, CISSP)

Culture & Benefits

  • Competitive compensation package, including equity.
  • Inclusive Healthcare Package.
  • Learn and Grow - mentorship and events to help you build your network and skills.
  • Flexible Time Off.
  • WFH budget for you to outfit your space as needed.
