Senior Information Security GRC Analyst in United States at Jobgether

Job Function: Information Technology
Jobgether
United States, United States

Job Description

Senior Information Security GRC Analyst

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Information Security GRC Analyst in the United States.

This role is a key contributor within a fast-evolving information security function, responsible for strengthening governance, risk, and compliance practices across the organization. You will play a central role in maintaining and evolving the security program, ensuring alignment with major regulatory frameworks such as SOC 2, ISO 27001, PCI, and NIST. The position combines hands-on compliance operations with strategic risk management, working closely with stakeholders across security, engineering, legal, and leadership teams. You will also manage GRC tooling, oversee audits, and ensure continuous improvement of internal controls and security processes. This is a highly cross-functional role requiring strong communication skills, attention to detail, and the ability to operate in a dynamic, fast-paced environment. You will help shape security culture while ensuring the organization meets and exceeds compliance expectations.

Accountabilities:
  • Manage and maintain the organization’s Information Security GRC program, ensuring internal controls and security processes are consistently updated, effective, and aligned with business operations.
  • Perform control mapping and gap analyses to align internal controls with frameworks such as SOC 2, ISO 27001, PCI DSS, NIST CSF, and CCPA.
  • Lead audit preparation and execution, including SOC 2, PCI, and ISO 27001 assessments, as well as coordination of remediation activities.
  • Oversee and optimize the GRC platform (e.g., Drata), ensuring accurate evidence collection, automation, and system integrity.
  • Manage third-party vendor risk processes, including onboarding, due diligence, ongoing monitoring, and risk evaluation.
  • Collaborate with internal stakeholders across Security, Engineering, Legal, Procurement, and Risk teams to embed compliance into daily operations.
  • Develop and maintain security policies, standards, documentation, and training programs to support organizational compliance and awareness.
  • Support continuous improvement initiatives, including automation opportunities, process optimization, and enhanced security governance practices.

Requirements:
  • 5–7 years of experience in information security, governance, risk, and compliance roles.
  • 3+ years of hands-on experience leading or supporting audits such as SOC 2, PCI DSS, or ISO 27001.
  • Strong knowledge of regulatory and security frameworks including NIST CSF, SOC 2, ISO 27001, PCI DSS, and CCPA.
  • Experience working with GRC platforms such as Drata, AuditBoard, HyperProof, or OneTrust.
  • Proven ability to manage documentation, control frameworks, and compliance reporting with strong attention to detail.
  • Excellent communication skills, with the ability to present complex compliance topics to both technical teams and executive leadership.
  • Strong organizational, project management, and process improvement capabilities.
  • Familiarity with vendor risk management and third-party security assessments is highly preferred.
  • Certifications such as CISA, CISM, or progress toward relevant certifications are a plus.
  • High level of integrity and ability to manage sensitive and confidential information responsibly.

Benefits:
  • Competitive base salary range of $155,000 to $165,000 USD.
  • Equity opportunities as part of the long-term incentive program.
  • Comprehensive medical, dental, and vision insurance coverage.
  • Fully remote work environment within the United States.
  • 401(k) retirement plan with available options.
  • Generous paid time off, sick leave, and 11 paid company holidays.
  • 12 weeks of paid parental leave for all parents.
  • Monthly home office stipend and financial wellness benefits.
  • Access to wellness programs and employee support resources.
  • Professional development opportunities and certification support.

How Jobgether works:
We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.
We appreciate your interest and wish you the best!
Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.