Company hidden
Posted 5 days ago

Senior GRC Analyst (Cybersecurity)

Salary: $100,000 - $115,000
Work type: full-time
Grade: senior
English: B2
Country: US
Listing from Hirify.Global, a list of international tech companies.

Job description


TL;DR

Senior GRC Analyst (Cybersecurity): manages the compliance platform and the inbound customer security assessment process, with an emphasis on Vanta administration, FedRAMP Continuous Monitoring (ConMon) execution, and framework alignment. The role keeps evidence audit-ready, streamlines questionnaire responses, and maintains continuous compliance across SOC 2, ISO 27001, and GDPR.

Location: Must be based in the United States

Salary: $100,000–$115,000 per year

Company

The hiring company (name withheld in this listing; shown as hirify.global) describes itself as a global leader in third-party cyber risk intelligence, providing organizations with a continuous, outside-in view of their vendor ecosystems.

What you will do

  • Manage the Vanta compliance platform end-to-end, ensuring evidence library currency and control mapping for SOC 2, ISO 27001, FedRAMP, and GDPR.
  • Own the inbound customer security assessment process, responding to RFPs and security questionnaires within defined SLAs.
  • Execute monthly FedRAMP ConMon reporting, including vulnerability scan results, POA&M updates, and evidence production.
  • Support third-party cyber risk management (TPCRM) activities, including vendor risk identification, assessment, and ongoing monitoring, as directed.
  • Coordinate internal audit processes, including control testing documentation and auditor request responses.
  • Monitor compliance framework and regulatory changes to assess impact and recommend responses.

Requirements

  • 2–4 years of hands-on experience in GRC, compliance, or information security.
  • Practical working knowledge of SOC 2, NIST, or ISO 27001 applied in a real compliance environment.
  • Experience producing compliance evidence and managing specific framework control domains independently.
  • Familiarity with cloud services principles and their security and compliance implications.
  • General knowledge of core security domains: network security, endpoint protection, vulnerability scanning, and access controls.
  • Must be based in the United States.

Nice to have

  • Hands-on experience administering Vanta or an equivalent compliance platform.
  • Direct experience with FedRAMP ConMon, monthly reporting, and POA&M tracking.
  • Experience owning or significantly contributing to a customer security questionnaire response program.
  • Familiarity with TPCRM programs and vendor questionnaire workflows.
  • Certifications such as CompTIA Security+, CISA, CRISC, or ISO 27001 Lead Auditor/Implementer.

Culture & Benefits

  • Total rewards program including performance-based bonuses and equity.
  • Flexible healthcare options and retirement savings programs.
  • Paid time off.
  • Opportunity to work in a fast-moving, high-impact team solving critical cybersecurity challenges.
