GRC Subject Matter Expert

Vanta

📍Remote - United States

Summary

Join Vanta's Security organization as a GRC Content Engineer and contribute to developing high-quality, scalable content for our growing list of global customers. You will be responsible for building new security and privacy frameworks, optimizing GRC content, analyzing feedback, collaborating across teams, and partnering with the Product team. This role requires 2-4 years of experience in GRC and/or Information Security, strong communication and collaboration skills, and a technical understanding of security and compliance. Vanta offers competitive compensation, comprehensive benefits, flexible work arrangements, and a supportive work environment.

Requirements

  • 2-4 years of experience in GRC and/or Information Security – Consulting experience is a plus but not required
  • Strong comprehension, communication, and collaboration skills – Ability to grasp core GRC concepts, apply them effectively across tasks, and clearly communicate findings to GRC Content Engineers, Product Managers, and non-technical stakeholders
  • Technical understanding of security and compliance – Familiarity with industry frameworks such as ISO 27001, SOC 2, HIPAA, and NIST 800-53
  • Attention to detail and analytical mindset – Comfortable working with cybersecurity frameworks, control mappings, and evidence requirements with precision and consistency
  • Proficiency in MS Excel/Google Sheets – Ability to organize large datasets, use lookup functions, and create pivot tables
  • Self-motivated and independent – Able to work autonomously while contributing to team success
  • Helpful and resourceful – Willing and excited to support cross-functional teams and improve compliance content
  • Adaptable in a fast-paced environment – Skilled at managing change, solving problems proactively, and taking initiative

Responsibilities

  • Develop New Compliance Frameworks – Assist in building new security, privacy, and risk management frameworks for end-users
  • Optimize GRC Content – Map evidence requirements, improve control descriptions, write policies, risk scenarios, and implementation guidance to enhance clarity and usability, and help develop AI features
  • Analyze Feedback – Identify and resolve issues with control mappings, evidence requirements, and framework content based on end-user and auditor input
  • Collaborate Across Teams – Work with software engineers, product designers, and customer-facing teams to ensure that GRC content is appropriately integrated into Vanta’s platform and meets end-user needs
  • Partner with Product – Work closely with our Product team to advise on the development of new GRC features in the platform

Preferred Qualifications

  • Technical background (SOC Analyst, Security Engineer, Vuln Management, etc.) is a plus, but not required
  • Security certifications or formal education preferred – Certifications like Security+, CISA, or CISSP are a plus but not required

Benefits

  • Industry-competitive compensation
  • 100% covered medical, dental, and vision benefits with dependents coverage
  • 16 weeks fully-paid parental leave for all new parents
  • Health & wellness and remote workplace stipends
  • Family planning benefits through Carrot Fertility
  • 401(k) matching
  • Flexible work hours and location
  • Open PTO policy
  • 11 paid holidays in the US
  • Offices in SF, NYC, Dublin, and Sydney
