Fetch is hiring a
GRC Analyst

Fetch

💵 ~$90k-$110k
📍Remote - United States

Summary

Join Fetch as a Governance, Risk, and Compliance (GRC) Analyst and play a key role in managing and overseeing the company's Information Security Governance framework and Risk Management program. The GRC Analyst will lead the organization's SOC2 certification efforts and leverage tools like Vanta to streamline compliance and risk management.

Requirements

  • Bachelor’s Degree in Information Security, Cybersecurity, Information Technology, or a related field
  • GRC-related certifications such as CRISC or CISM are preferred
  • Knowledge of SOC2 certification requirements and auditing processes is preferred
  • Knowledge of industry standards such as SOC2, ISO 27001, NIST, PCI DSS, GDPR, and CCPA
  • 3+ years of experience in Governance, Risk, and Compliance roles, focusing on security compliance and risk management
  • Hands-on experience with compliance platforms like Vanta preferred
  • Experience managing SOC2 certification efforts, including preparation, audit facilitation, and remediation
  • Strong understanding of risk management frameworks and best practices
  • Proven ability to perform and lead risk assessments and vendor risk evaluations
  • Experience working with People Operations and IT to ensure employee onboarding and offboarding steps are performed securely and on time to meet compliance requirements

Responsibilities

  • Develop and maintain security policies, standards, and procedures that align with industry best practices and regulatory requirements
  • Manage and oversee the SOC2 compliance program, ensuring all controls are implemented, maintained, and audited successfully
  • Assist in compliance assessments (SOC2, ISO 27001, CCPA, etc.) and support internal and external audits
  • Collaborate with cross-functional teams to address any gaps identified during audits or assessments and develop remediation plans
  • Ensure alignment of security controls with business and regulatory requirements, recommending updates to policies as needed
  • Perform risk assessments, identifying information security risks, evaluating their impact, and recommending risk mitigation strategies
  • Maintain and update the organization’s risk register and assist in developing risk treatment plans
  • Conduct vendor risk assessments, reviewing third-party security controls and ensuring compliance with contractual agreements and regulations
  • Develop and maintain key risk indicators to track and report on security risks across the organization
  • Leverage a GRC platform to monitor and manage compliance activities, automate evidence collection, and track the company’s progress toward SOC2 certification
  • Ensure that the GRC platform is properly configured to meet the company’s compliance objectives and maintain system integrity
  • Work closely with internal teams to integrate the GRC platform with various systems and processes, ensuring a smooth, automated compliance workflow
  • Provide training and guidance to employees on the use of Vanta and on compliance-related responsibilities
  • Support both internal and external audit processes, ensuring that appropriate documentation and evidence are provided on time
  • Work with stakeholders to ensure audit findings are tracked and remediated efficiently
  • Prepare and present reports to senior management, outlining risk assessments, compliance statuses, and remediation efforts
  • Stay current with industry best practices, regulatory changes, and emerging threats to continuously improve the organization’s GRC posture
  • Propose and implement improvements to the organization’s security program, ensuring alignment with the latest security frameworks and compliance requirements
  • Engage in continuous education and certification opportunities relevant to the role (e.g., CISM, CRISC)

Preferred Qualifications

  • Strong project management and organizational skills
  • Excellent written and verbal communication skills, with the ability to translate technical requirements into business-friendly language
  • Attention to detail and strong analytical skills
  • Ability to work collaboratively across departments, particularly with IT, Legal, and Business Operations teams

Benefits

  • Equity for everyone
  • 401k Match: Dollar-for-dollar match up to 4%
  • Benefits for humans and pets: We offer comprehensive medical, dental and vision plans for everyone including your pets
  • Continuing Education: Fetch provides $10,000 per year in education reimbursement
  • Employee Resource Groups: Take part in employee-led groups that are centered around fostering a diverse and inclusive workplace through events, dialogue and advocacy. The ERGs participate in our Inclusion Council with members of executive leadership
  • Paid Time Off: On top of our flexible PTO, Fetch observes 9 paid holidays, including Juneteenth and Indigenous People’s Day, as well as our year-end week-long break
  • Robust Leave Policies: 20 weeks of paid parental leave for primary caregivers, 14 weeks for secondary caregivers, and a flexible return to work schedule. $2000 baby bonus
  • Hybrid Work Environment: Collaborate with your team in one of our stunning offices in Madison, Birmingham, or Chicago. We’ll ensure you are equally equipped with the hardware and software you need to get your job done in the comfort of your home
