GRC/Compliance Analyst

  • Menlo Park, CA
  • Posted 19 hours ago | Updated 19 hours ago

Overview

Hybrid
Depends on Experience
Contract - Independent
Contract - W2
Contract - 6 Month(s)
No Travel Required

Skills

Vanta
Drata
ISO 27001
SOC 2
PCI DSS
HIPAA
NIST CSF
HITRUST

Job Details

Apply by Email/Direct Application at

Title: GRC/Compliance Analyst

Duration: 5 months (could extend longer)

Location: Menlo Park (onsite 2 days, 3 remote)

Ideally they want a junior to mid-level candidate.

Must have

  • GRC Platforms (Vanta, Drata or similar)
  • Experience in the following frameworks (combination of 3 or more): ISO 27001, SOC 2, PCI DSS, HIPAA, NIST CSF, HITRUST

Responsibilities:

  • Plan, execute and lead security audits across an organization for security frameworks and regulations such as ISO 27001, HIPAA, PCI DSS, SOC 2, and assist with other security-relevant audits
  • Identify and report deficiencies in both technical and non-technical organizational security controls and compliance processes. Drive the design and implementation of remediation plans for non-conformities, opportunities for improvement, and security exceptions, in collaboration with the Risk Management team.
  • Coordinate security audit activities across the organization, collaborating with cross-functional teams including IT, Engineering, Quality, Operations, People, Finance, Legal and other business units to ensure timely collection and management of audit evidence.
  • Ensure compliance with internal policies, standards, and applicable regulations by maintaining and operating effective compliance programs and activities.
  • Develop, review, and analyze compliance documentation, assessment reports, and audit findings to ensure accuracy, completeness, and actionable insights
  • Conduct periodic internal reviews and system audits to validate ongoing adherence to security policies and procedures across all departments
  • Engage with external consultants for independent security audits and/or testing efforts, as needed
  • Support the implementation and ongoing enhancement of GRAIL's GRC platform, with a focus on automating control testing, evidence collection, and continuous compliance monitoring across the organization

BELOW are notes with RHI on desired characteristics, subject to Michelle Tomelden's selection to fold into the JD, since this role will focus more on operational management of GRC.

Required

  • Minimum 2-3 years of relevant experience
  • Bachelor's degree in Computer Science, Information Technology, or a related field
  • Understanding of cybersecurity standards and regulations such as:
    • ISO 27001/27018/27017
    • SOC 2
    • PCI DSS
    • HIPAA
    • HITRUST
    • CIS benchmarks
  • Hands-on experience with analyzing security controls, reviewing artifacts, and performing compliance-related tasks such as substantiation and collection.
  • Experience with Continuous Compliance Monitoring Platforms such as:
    • Vanta
    • Drata
    • Secureframe (or similar)

Ideal

  • HITRUST certification (or other certifications such as CISSP, CISM, AWS, CompTIA are also valued).

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.