Senior GRC Analyst

We’re seeking a Senior GRC Analyst to help drive governance, risk, and compliance initiatives across the organization. In this role, you will support IT audit and compliance efforts related to industry standards and frameworks including SOC 2, PCI DSS 4.0, and ISO 27001, while evaluating and strengthening internal controls across business and technology environments.

The ideal candidate has experience planning and executing control testing, identifying root causes of control gaps, and partnering cross-functionally to implement scalable, effective solutions. This role requires strong analytical and communication skills, the ability to operate independently in a fast-paced environment, and hands-on experience working within SaaS and cloud-based ecosystems, including GCP, AWS, and cloud ERP platforms.

If you are a detail-oriented professional who enjoys improving processes, mitigating risk, and helping build mature compliance programs in a high-growth technology environment, we encourage you to apply.

Responsibilites

• Lead policy development, internal audits, and process improvement initiatives to support compliance with industry standards and regulatory frameworks, including SOC 2, PCI DSS 4.0, and ISO 27001.
• Execute and document internal control testing across IT, security, cloud, and business/operations processes.
• Identify root causes of control deficiencies, audit findings, and non-conformities, and recommend appropriate corrective actions and remediation plans.
• Conduct interviews, walkthroughs, and compliance assessments with stakeholders to evaluate adherence to internal policies and external regulatory requirements.
• Monitor and assess cloud environments, including GCP, AWS, and ERP systems, to validate security controls and risk management practices.
• Analyze and summarize audit findings, risk exposures, and control testing results for presentation to leadership and key stakeholders.
• Assist in third-party risk assessments and vendor compliance reviews to ensure alignment with security and regulatory standards.
• Collaborate cross-functionally to enhance GRC frameworks, policies, procedures, and internal control environments.
• Identify opportunities for process optimization and contribute to the development and implementation of best practices.
• Manage multiple priorities and projects independently while meeting deadlines in a fast-paced, dynamic environment.
• Maintain professional and effective communication with internal and external stakeholders throughout audits, assessments, and remediation efforts.

Minimum Qualifications

• Bachelor’s degree in Accounting, Finance, Information Systems, or a related field.
• Minimum of 5 years of experience in governance, risk, compliance (GRC), IT audit, security compliance, or a related field.
• Proficiency in GRC concepts, IT audit methodologies, and regulatory frameworks such as SOC 2, PCI DSS 4.0, and ISO 27001.
• Demonstrated experience leveraging AI-powered tools or automation to improve audit, compliance, security, or operational workflows, with familiarity evaluating risks associated with AI-enabled systems and processes.
• Strong analytical and problem-solving skills, with the ability to evaluate audit findings, identify root causes, and recommend remediation strategies.
• Ability to work independently, manage competing priorities, and consistently meet deadlines in a fast-paced environment.
• Strong written and verbal communication skills, with the ability to clearly present findings, risks, and recommendations to technical and non-technical stakeholders.

Preferred Qualifications

• Professional certifications such as CISA, CISSP, CRISC, or equivalent.
• Experience working in SaaS environments with a focus on IT risk, compliance, or security governance.
• Experience with cloud platforms and enterprise systems, including GCP, AWS, and cloud-based ERP environments.
• Familiarity conducting audits or compliance assessments within regulated or security-focused environments.