Senior GRC Analyst

Summary

Join GlossGenius as a Senior GRC Analyst and be the first member of the Governance, Risk, and Compliance team! You will play a critical role in supporting GlossGenius’s compliance efforts by implementing and maintaining governance, risk, and compliance frameworks. This remote position, based anywhere in Canada, requires 4+ years of experience in GRC, a strong understanding of information security and compliance frameworks, and the ability to collaborate with various teams. You will build and run security compliance programs, develop policies, and assess risks. GlossGenius offers competitive benefits including flexible PTO, health and dental insurance, generous parental leave, professional development stipends, home office support, and team bonding opportunities.

Requirements

• 4+ years of experience in roles focused on governance, risk management, and compliance
• A strong understanding of information security and compliance frameworks such as CCPA/CPRA, SOC 2, and HIPAA
• Experience collaborating with engineering and product teams to identify risks, map commitments to controls, and develop relevant policies
• The ability to influence cross-functional teams to accomplish goals as well as understanding and communicating risks to stakeholders across the business
• Solid organizational skills and a track record of succeeding in fast-paced environments
• Understanding of security concepts and a broad range of security risks and controls

Responsibilities

• Be the first member of the Governance, Risk, and Compliance team
• Build and run information security compliance programs aligned with broader business objectives
• Develop policies, standards, and guidelines for ensuring compliance with applicable regulatory requirements
• Write, revise, and manage company-wide information security policies, standards, and procedures
• Perform security assessments of vendors, third parties, and applications
• Engage partner teams to support the design and implementation of a “risk-first” governance function
• Find opportunities to improve efficiency and effectiveness, designing tools and automations along the way to drive security and compliance by design
• Identify and assess information security risks to implement appropriate controls to mitigate identified risks, will validate control design and efficiency, and support ongoing risk monitoring and reporting
• Be a subject matter expert in the GRC space, providing education to colleagues across GlossGenius

Preferred Qualifications

• Experience building and maintaining automations to drive governance, risk, and compliance initiatives at scale
• Understanding of public cloud infrastructure and services, such as AWS and GCP, including knowledge of cloud-native security protection measures, tools, and techniques

Benefits

• Flexible PTO
• Competitive health & dental insurance options, with premiums covered by GG
• Generous, fully-paid parental leave policy
• Professional Development - employees receive a yearly stipend for approved learning and educational-related expenses
• Home office support
• Team Bonding opportunities - as a distributed team, being able to build meaningful bonds both virtually and in person is incredibly important to us! We are constantly evaluating how we accomplish this and currently, teams are given opportunities to gather in person throughout the year