Governance, Risk, and Compliance Analyst

You.com, San Francisco (Hybrid)
Posted 1 day ago
Engineering

Compensation

$150,000-$180,000

Description

The Role

We're looking for a GRC Analyst to join our growing Security, IT, and Privacy function. You'll be the backbone of all the compliance work at the intersection of Engineering, Legal, and Product. This role will build and maintain the compliance programs as part of the security team. Our goal is simple: earn and keep the trust of our customers. The right person translates security and risk into terms that the business and product teams can act on.

Key Responsibilities

  • Own and manage compliance programs across frameworks including SOC 2, ISO 27001, GDPR, CCPA, HIPAA, and FedRAMP
  • Coordinate audit activities end-to-end: evidence collection, documentation, auditor responses, and remediation tracking
  • Leverage AI and other tools to deliver metrics that stakeholders can consume and understand
  • Conduct vendor and third-party risk assessments; manage the due diligence lifecycle for new and existing partners
  • Help manage security and risk reviews (e.g. DDQs, VSQs) as part of the procurement process, in collaboration with the Legal, Finance, and Security teams
  • Assist with building and maintaining compliance policies, procedures, and supporting documentation for security and compliance
  • Translate regulatory and contractual requirements into actionable controls and processes
  • Monitor the evolving regulatory landscape (especially AI-specific regulations) and flag relevant obligations
  • Support Privacy-by-Design reviews for new product features and data practices
  • Track open compliance items and proactively drive them to closure across stakeholders

Requirements

  • 3–5 years of experience in GRC, Information Security compliance, or a related field
  • Hands-on experience with SOC 2 or ISO 27001 audits, including evidence collection and gap assessments
  • Familiarity with privacy regulations: GDPR, CCPA, and ideally emerging AI regulatory frameworks (EU AI Act, etc.)
  • Experience managing vendor risk assessments and third-party due diligence processes
  • Strong written and verbal communication skills. You can explain compliance requirements to engineers and legal concepts to product managers
  • Highly organized, able to manage multiple workstreams and deadlines without dropping the ball
  • Comfortable working independently in a fast-paced environment with limited process overhead
  • Ability to leverage AI to help build automation and data analysis workflows for reporting and tracking

Bonus points for:

  • Experience at an AI or search company
  • Familiarity with data broker or data licensing compliance
  • CISA, CISM, or CRISC

Posted
Jun 24, 2026
Last seen
Jun 25, 2026
First seen
Jun 25, 2026
Status
active