Job Title: Technical GRC Analyst (Compliance & Assurance)
Remote
As part of the Client Compliance & Assurance team, you''ll help build and maintain trust by partnering across the business to provide practical, risk-based compliance and assurance that enables the company to scale with confidence.
As a Technical GRC Analyst, you''ll partner with Security, Engineering, Product, and business teams to evaluate technical controls, validate evidence, assess risk, and continuously improve the organization''s compliance and assurance program.
This is a hands-on role for someone who enjoys understanding how technology works, asking thoughtful questions, solving problems, and helping build a modern compliance program that scales with the business.
Your Focus Areas
● Technical Control Assurance and Risk Assessments
● AI Governance & Emerging Technologies (ISO 42001)
● Technical Customer Assurance
● Program Intelligence, Metrics & Analytics
● Compliance Automation & Continuous Improvement
Key Responsibilities
● Evaluate the design and operating effectiveness of technical controls.
● Review and validate evidence to assess whether controls are implemented, operating effectively, and appropriately documented.
● Perform technical risk assessments for new technologies, systems, and business initiatives.
● Partner with Engineering and Security to ensure technical controls align with compliance requirements and industry best practices.
● Support and continuously improve the company’s AI governance program — AI policies, acceptable-use standards, risk assessments, vendor evaluations, and security controls aligned with ISO 42001.
● Transform compliance data into meaningful insights that support business decisions and program maturity.
● Identify opportunities to automate compliance activities and improve operational efficiency.
● Support internal assessments, customer due diligence, and external audits.
What You''ll Bring
Experience
● 8+ years of experience in technical security, Security GRC, regulatory compliance, or a related discipline.
● Experience evaluating technical controls and validating supporting evidence.
● Experience performing technical risk assessments and working with cross-functional teams.
● Experience working in technology organizations with modern cloud and enterprise environments.
● Exposure to FedRAMP authorization activities including NIST 800-53 control implementation, SSP development, evidence collection, POA&M management, or readiness assessments is highly desirable.
Working knowledge in several of the following areas:
● Cloud and security architecture concepts
● Vulnerability and risk management
● Secure software development and DevSecOps concepts
● Data protection and encryption
● AI governance and emerging technologies
● Dashboard development, reporting, analytics and automation
You''re someone who:
● Enjoys understanding how technology works and asking thoughtful questions.
● Can translate technical concepts into practical compliance conversations
● Exercise sound judgment when evaluating controls, validating evidence, and balancing compliance requirements with practical business needs.
● Builds trusted relationships across teams.
● Takes ownership and enjoys improving processes.
● Thrives in a fast-paced startup environment.
What Success Looks Like
● Technical controls are consistently evaluated and continuously improved.
● Leadership has meaningful visibility into technical risks and control effectiveness.
● Dashboards and metrics support informed business decisions.
● Customer and audit activities are well supported through high-quality evidence and strong technical assurance.