Senior GRC Analyst

GlossGenius

💵 $160k-$180k
📍 Remote - United States, Canada

Summary

Join GlossGenius as a Senior GRC Analyst and be the first member of the Governance, Risk, and Compliance team. You will build and maintain compliance frameworks, ensuring alignment with regulatory requirements and company objectives. This remote position, based anywhere in the continental US (hybrid in NYC), requires extensive experience in cybersecurity compliance, risk management, and audit processes. You will assess regulatory requirements, build security compliance programs, and develop company-wide information security policies. The role involves collaborating with various teams, identifying and mitigating risks, and providing GRC expertise. GlossGenius offers competitive benefits, including flexible PTO, health insurance, parental leave, 401k, and professional development opportunities.

Requirements

  • 4+ years of experience in roles focused on governance, risk management, and compliance
  • A strong understanding of information security and compliance frameworks such as CCPA/CPRA, SOC 2, and HIPAA
  • Experience collaborating with engineering and product teams to identify risks, map commitments to controls, and develop relevant policies
  • The ability to influence cross-functional teams to accomplish goals, as well as to understand and communicate risks to stakeholders across the business
  • Solid organizational skills and a track record of succeeding in fast-paced environments
  • Understanding of security concepts and a broad range of security risks and controls

Responsibilities

  • Be the first member of the Governance, Risk, and Compliance team
  • Build and run information security compliance programs aligned with broader business objectives
  • Develop policies, standards, and guidelines for ensuring compliance with applicable regulatory requirements
  • Write, revise, and manage company-wide information security policies, standards, and procedures
  • Perform security assessments of vendors, third parties, and applications
  • Engage partner teams to support the design and implementation of a “risk-first” governance function
  • Find opportunities to improve efficiency and effectiveness, designing tools and automations along the way to drive security and compliance by design
  • Identify and assess information security risks to implement appropriate controls that mitigate identified risks, validate control design and efficiency, and support ongoing risk monitoring and reporting
  • Be a subject matter expert in the GRC space, providing education to colleagues across GlossGenius

Preferred Qualifications

  • Experience building and maintaining automations to drive governance, risk, and compliance initiatives at scale
  • Understanding of public cloud infrastructure and services, such as AWS and GCP, including knowledge of cloud-native security protection measures, tools, and techniques

Benefits

  • Flexible PTO
  • Competitive health & dental insurance options, with premiums partially or fully covered by GG
  • In-person opportunities that are designed to help team members foster collaboration and build community (e.g., working out of a co-working space, team dinners, and other team building activities)
  • Fertility and adoption benefits via Carrot
  • Generous, fully-paid parental leave policy
  • 401k benefit - employees are eligible to contribute starting day 1 of employment
  • Professional Development - employees receive a yearly stipend for approved learning and educational-related expenses
  • Pre-tax commuter benefits
  • Dependent Care FSA
  • Home office support
