GRC Analyst

Requirements

• Proven experience (typically 3-5+ years) in a GRC, cybersecurity consulting, internal audit, compliance management, or technical support role with a strong focus on specific frameworks
• Deep, demonstrable understanding and practical knowledge of NIST frameworks (e.g., Cybersecurity Framework, NIST SP 800-53). Must be able to explain core concepts and requirements accurately
• Deep, demonstrable understanding and practical knowledge of SOC2 (Trust Services Criteria - Security, Availability, Confidentiality, Processing Integrity, Privacy). Must be able to explain criteria and audit concepts accurately
• Deep, demonstrable understanding and practical knowledge of ISO 27001 (Information Security Management Systems). Must be able to explain the ISMS structure, risk assessment process, and Annex A controls accurately
• Strong familiarity and understanding of ISO 42001 (Artificial Intelligence Management Systems) and its core principles/requirements. Must be able to discuss its objectives and key components
• Exceptional communication skills (written and verbal), with a proven ability to explain complex technical and compliance concepts clearly, accurately, and patiently
• Excellent research and analytical skills; ability to find and verify accurate information regarding compliance standards
• Strong customer service orientation and interpersonal skills
• Ability to manage multiple inquiries simultaneously and prioritize effectively
• Bachelor's degree in Information Technology, Cybersecurity, Law, or a related field, OR equivalent practical experience demonstrating deep compliance expertise

What you'll be doing

• Compliance Subject Matter Expert: Serve as the go-to expert for customer inquiries related to the interpretation, requirements, and best practices of NIST, SOC2, ISO 27001, and ISO 42001 frameworks
• Query Resolution: Directly address and resolve customer questions regarding these compliance standards, ensuring accuracy and clarity in all communications (email, calls, support tickets)
• Contextual Understanding: Understand the customer's business context and how their compliance questions relate to their use of our products/services or their broader GRC strategy
• Information Dissemination: Clearly articulate complex compliance concepts to both technical and non-technical customer stakeholders
• Relationship Building: Build trust and rapport with customers through reliable and expert handling of their compliance inquiries
• Internal Collaboration: Work closely with Support, Product, and Sales teams to ensure consistent and accurate messaging regarding compliance topics. Provide internal training or resources as needed
• Knowledge Management: Document common compliance questions and answers, contributing to internal knowledge bases and potentially customer-facing FAQs or documentation
• Stay Current: Continuously monitor changes and updates to relevant compliance frameworks and industry best practices
• Customer Advocacy: Relay customer feedback and frequently asked questions related to compliance back to internal teams to inform product development and service improvements
• Support Customer Success Goals: Contribute to overall customer retention and satisfaction by providing exceptional compliance-focused support

Perks and Benefits

• Competitive equity package
• Corporate pension plan
• Lunch, snacks and drinks provided in the office
• Wellbeing benefit and WFH equipment allowance
• Annual learning and development allowance to grow your skills and career
• Travel allowance for your commute
• Opportunity to work for a globally diverse team