Senior GRC Analyst

Company: GlossGenius
Location: Remote in USA, New York, NY, USA
Salary: $160000 – $180000
Type: Full-Time
Experience Level: Senior

Requirements

  • 4+ years of experience in roles focused on governance, risk management, and compliance
  • A strong understanding of information security and compliance frameworks such as CCPA/CPRA, SOC 2, and HIPAA
  • Experience collaborating with engineering and product teams to identify risks, map commitments to controls, and develop relevant policies
  • The ability to influence cross-functional teams to accomplish goals as well as understanding and communicating risks to stakeholders across the business
  • Solid organizational skills and a track record of succeeding in fast-paced environments
  • Understanding of security concepts and a broad range of security risks and controls.

Responsibilities

  • Be the first member of the Governance, Risk, and Compliance team.
  • Build and run information security compliance programs aligned with broader business objectives
  • Develop policies, standards, and guidelines for ensuring compliance with applicable regulatory requirements
  • Write, revise, and manage company-wide information security policies, standards, and procedures.
  • Perform security assessments of vendors, third parties, and applications
  • Engage partner teams to support the design and implementation of a ‘risk-first’ governance function
  • Find opportunities to improve efficiency and effectiveness, designing tools and automations along the way to drive security and compliance by design.
  • Identify and assess information security risks to implement appropriate controls that mitigate them, validate control design and efficiency, and support ongoing risk monitoring and reporting.
  • Be a subject matter expert in the GRC space, providing education to colleagues across GlossGenius.

Preferred Qualifications

  • Bonus: Experience building and maintaining automations to drive governance, risk, and compliance initiatives at scale
  • Bonus: Understanding of public cloud infrastructure and services, such as AWS and GCP, including knowledge of cloud-native security protection measures, tools, and techniques