Senior GRC Analyst
Job description
TL;DR
Senior GRC Analyst (Security): Build and operate an enterprise risk management program covering security risk assessments, third-party risk management, a risk register, and an AI governance initiative, with an emphasis on compliance frameworks, internal audits, and policy development. Focus on leading cross-functional initiatives, designing a unified control framework, performing risk assessments, and establishing compliance metrics for leadership visibility.
Location: Remote from Canada, England, France, Germany, Italy, Portugal, Spain, or the United States. The company does not offer visa sponsorship for this role.
EU Salary Range: €72K–€121K • Offers Equity; US Salary Range: $123.8K–$202.4K • Offers Equity
Company
Globally distributed remote-first team building developer tools like Desktop, Hub, and Scout, powering containerized applications and secure AI workflows.
What you will do
- Own compliance program roadmap, aligning SOC 2, ISO 27001, ISO 27701, ISO 42001 with business and product strategy
- Lead cross-functional initiatives with Engineering, Product, Legal, and IT as the authority on governance and risk
- Design a unified control framework, cross-map it to NIST 800-53, and identify gaps
- Plan and execute internal audits: scoping, testing, findings, auditor coordination
- Perform risk assessments on systems, processes, vendors, cloud; create treatment plans
- Own vendor risk management: evaluate third parties and drive remediation
- Draft security policies, map to standards; establish and report KPIs
Requirements
- 4–6 years in information security / GRC
- Experience building/operating enterprise risk management: assessments, registers, treatment
- Third-party risk management, vendor assessments
- Knowledge of ISO 27001, SOC 2, NIST 800-53, GDPR
- Familiarity with AI governance (ISO 42001, NIST AI RMF), or the ability to learn it quickly
- Metrics and reporting for GRC, dashboards
- Understanding of cloud environment (AWS, GCP, Azure) risks
- Strong communication for technical/non-technical audiences
- Track record of maturing GRC programs from the ground up
- Self-motivated in remote-first, fast-paced environment
Nice to have
- Certifications: CRISC, CISA, CISSP, CCSK
- Experience with GRC platforms (Anecdotes, ServiceNow GRC, OneTrust)
- Automation/scripting for risk workflows
Culture & Benefits
- Remote-first culture with offices in Seattle and Paris
- Freedom & flexibility to fit work around life
- Quarterly Whaleness Days plus end-of-year break
- Home office setup and $100 USD/month tech stipend
- PTO plan, 16 weeks paid parental leave (after 6 months)
- Training stipend for conferences/courses
- Equity for all employees
- Medical benefits, retirement, holidays vary by country
- Swag
Be careful: if an employer asks you to sign in to their system using iCloud/Google, to send a code/password, or to run code/software, do not do it; these are scammers. Be sure to click "Report" or contact support.