Senior Information Security GRC Analyst

Jobgether • United States
Remote
AI Summary

Jobgether is seeking a Senior Information Security GRC Analyst to strengthen governance, risk, and compliance practices across the organization. This role combines hands-on compliance operations with strategic risk management. The ideal candidate will have 5-7 years of experience in information security, governance, risk, and compliance roles.

Key Highlights

  • Maintain and evolve the security program
  • Manage GRC tooling and oversee audits
  • Ensure continuous improvement of internal controls and security processes

Key Responsibilities

  • Manage and maintain the organization's Information Security GRC program
  • Perform control mapping and gap analyses
  • Lead audit preparation and execution
  • Oversee and optimize the GRC platform
  • Manage third-party vendor risk processes
  • Collaborate with internal stakeholders
  • Develop and maintain security policies, standards, documentation, and training programs

Technical Skills Required

  • GRC tooling: Drata, AuditBoard, HyperProof, OneTrust
  • Frameworks: SOC 2, ISO 27001, PCI DSS, NIST CSF, CCPA

Benefits & Perks

  • Competitive base salary range of $155,000 to $165,000 USD
  • Equity opportunities
  • Comprehensive medical, dental, and vision insurance coverage
  • Fully remote work environment within the United States
  • 401(k) retirement plan with available options
  • Generous paid time off, sick leave, and 11 paid company holidays
  • 12 weeks of paid parental leave for all parents
  • Monthly home office stipend and financial wellness benefits
  • Access to wellness programs and employee support resources
  • Professional development opportunities and certification support

Nice to Have

  • Certifications such as CISA, CISM, or progress toward relevant certifications

Job Description


This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Information Security GRC Analyst in the United States.

This role is a key contributor within a fast-evolving information security function, responsible for strengthening governance, risk, and compliance practices across the organization. You will play a central role in maintaining and evolving the security program, ensuring alignment with major regulatory frameworks such as SOC 2, ISO 27001, PCI, and NIST. The position combines hands-on compliance operations with strategic risk management, working closely with stakeholders across security, engineering, legal, and leadership teams. You will also manage GRC tooling, oversee audits, and ensure continuous improvement of internal controls and security processes. This is a highly cross-functional role requiring strong communication skills, attention to detail, and the ability to operate in a dynamic, fast-paced environment. You will help shape security culture while ensuring the organization meets and exceeds compliance expectations.

Accountabilities

  • Manage and maintain the organization’s Information Security GRC program, ensuring internal controls and security processes are consistently updated, effective, and aligned with business operations.
  • Perform control mapping and gap analyses to align internal controls with frameworks such as SOC 2, ISO 27001, PCI DSS, NIST CSF, and CCPA.
  • Lead audit preparation and execution, including SOC 2, PCI, and ISO 27001 assessments, as well as coordination of remediation activities.
  • Oversee and optimize the GRC platform (e.g., Drata), ensuring accurate evidence collection, automation, and system integrity.
  • Manage third-party vendor risk processes, including onboarding, due diligence, ongoing monitoring, and risk evaluation.
  • Collaborate with internal stakeholders across Security, Engineering, Legal, Procurement, and Risk teams to embed compliance into daily operations.
  • Develop and maintain security policies, standards, documentation, and training programs to support organizational compliance and awareness.
  • Support continuous improvement initiatives, including automation opportunities, process optimization, and enhanced security governance practices.

Requirements

  • 5-7 years of experience in information security, governance, risk, and compliance roles.
  • 3+ years of hands-on experience leading or supporting audits such as SOC 2, PCI DSS, or ISO 27001.
  • Strong knowledge of regulatory and security frameworks including NIST CSF, SOC 2, ISO 27001, PCI DSS, and CCPA.
  • Experience working with GRC platforms such as Drata, AuditBoard, HyperProof, or OneTrust.
  • Proven ability to manage documentation, control frameworks, and compliance reporting with strong attention to detail.
  • Excellent communication skills, with the ability to present complex compliance topics to both technical teams and executive leadership.
  • Strong organizational, project management, and process improvement capabilities.
  • Familiarity with vendor risk management and third-party security assessments is highly preferred.
  • Certifications such as CISA, CISM, or progress toward relevant certifications are a plus.
  • High level of integrity and ability to manage sensitive and confidential information responsibly.

Benefits

  • Competitive base salary range of $155,000 to $165,000 USD.
  • Equity opportunities as part of the long-term incentive program.
  • Comprehensive medical, dental, and vision insurance coverage.
  • Fully remote work environment within the United States.
  • 401(k) retirement plan with available options.
  • Generous paid time off, sick leave, and 11 paid company holidays.
  • 12 weeks of paid parental leave for all parents.
  • Monthly home office stipend and financial wellness benefits.
  • Access to wellness programs and employee support resources.
  • Professional development opportunities and certification support.

How Jobgether Works

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Why Apply Through Jobgether?

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

