
Senior GRC Analyst

Tines
Summary
Join Tines as a Senior Governance, Risk, and Compliance (GRC) Analyst and play a critical role in strengthening our compliance strategy and execution. Based remotely in the US, you will report to the Head of IT Operations & Information Security and contribute to our FedRAMP program while maintaining SOC 2 compliance. Key responsibilities include assisting with FedRAMP certification, maintaining SOC 2 compliance, managing vendor risk, conducting risk assessments, automating compliance processes, responding to customer security inquiries, developing policies, collaborating cross-functionally, reviewing contracts, and monitoring regulatory changes. This role requires 8+ years of experience in IT compliance, security, or risk management, demonstrated experience with FedRAMP and ISO 27001, strong knowledge of SOC 2, and excellent communication skills. Preferred qualifications include industry certifications (CISSP, CISA, or CISM), experience with compliance automation tools, and knowledge of cloud security. Tines offers a remote-first work environment and is committed to fostering a culture of growth and integrity.
Requirements
- 8+ years of experience in IT compliance, security, or risk management
- Demonstrated experience with FedRAMP certification processes and requirements
- Hands-on experience implementing or maintaining ISO 27001 compliance
- Strong knowledge of SOC 2 compliance frameworks and audit processes
- Experience conducting vendor security assessments and risk analyses
- Excellent understanding of information security principles, controls, and best practices
- Strong project management skills with ability to manage multiple compliance initiatives simultaneously
- Exceptional communication skills for translating technical requirements to non-technical stakeholders
- Location: Based remotely in the United States
Responsibilities
- Assist with our FedRAMP certification program, including gap analysis, remediation planning, documentation development, and coordination with 3PAO assessors
- Support continuous compliance with SOC 2 requirements, including evidence collection, control testing, and audit coordination
- Establish and manage a comprehensive vendor risk assessment program, evaluating security controls and compliance posture before acquisition
- Conduct thorough risk analyses for systems, processes, and third-party applications, implementing appropriate controls to mitigate identified risks
- Leverage Tines automation capabilities to streamline compliance processes, evidence collection, and reporting
- Respond to customer security inquiries, questionnaires, and audit requests, maintaining our Trust Center with up-to-date documentation
- Review, update, and develop security policies and procedures aligned with regulatory requirements and industry best practices
- Partner with engineering, product, legal, and leadership teams to embed compliance requirements into organizational processes
- Collaborate closely with the legal team to review contracts for security and compliance requirements, ensure appropriate security provisions are included, identify potential compliance risks, and recommend mitigating controls. Help develop standardized security language for various contract types
- Stay current with evolving compliance standards and regulatory requirements relevant to our business and customers
Preferred Qualifications
- Industry certifications such as CISSP, CISA, or CISM
- Experience with compliance automation tools and techniques
- Knowledge of cloud security principles and controls (AWS, Azure, GCP)
- Experience reviewing contracts for security and compliance requirements
- Experience in SaaS or technology companies
- Familiarity with privacy regulations (GDPR, CCPA)
- Experience working in remote-first environments