GRC Analyst

Lendistry is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, or membership in any other group protected by federal, state, or local law.

If you need assistance or accommodation due to a disability, you may contact us at hr Lendistry does not accept unsolicited resumes from recruiters, employment agencies, or staffing firms. To conduct business with Lendistry, a Master Services Agreement (MSA) must be executed and confirmed prior to submitting any information relating to a potential candidate. Without a signed MSA, Lendistry shall not be responsible to any individual or entity for any payment relating to any form of fee or compensation.

And, in the event that a resume or candidate is submitted by a recruiter, an employment agency, or a staffing firm without a fully executed MSA, Lendistry has the unrestricted right to pursue and hire any of those candidate(s) without any legal or financial responsibility to the recruiter, agency, and/or firm.

A Day in the Life The GRC Data Analyst within the Governance, Risk, and Compliance team within the Office of the CISO, reporting to the CISO or a designated GRC leader. This is a hands-on analytical role for someone who can turn raw evidence — control outputs, audit logs, vendor attestations, incident data, policy exceptions — into the signal that drives Lendistry's security, risk, and compliance posture.

You will operate the data side of GRC: building and maintaining the control inventory, tracking compliance against SOC 2, GLBA, SBA program requirements, state lending regulations, and CCPA/CPRA, running evidence collection for internal and external audits, analyzing vendor and third-party risk, and producing the metrics and reporting that inform the CISO, executive leadership, and the Board. You will partner closely with Security Engineering, IT, Legal, Compliance, the Data Privacy Officer, and every business unit whose work intersects controls.

Lendistry is a CDFI and SBA Preferred Lender operating under a dense, overlapping regulatory environment — SBA, state lending, banking partners, investor covenants, SOC 2, GLBA, and California privacy law. Controls are not a paperwork exercise here; they are the operating license. As GRC Data Analyst, you are the person who makes those controls legible, measurable, and auditable. The quality of your work determines how quickly Lendistry can close audits, onboard banking and capital-markets partners, respond to regulators, and earn the trust that lets us keep deploying capital to small businesses.

Lendistry:
Who We Are We’re proud to be the nation’s largest minority-led, tech-savvy lender for small businesses and commercial real estate. As a certified Community Development Financial Institution (CDFI) and Community Development Entity (CDE), our mission is all about creating economic opportunities and fueling growth for small business owners and their communities. Join us as we pave the way with innovative financing and financial education!

What You’ll Be Doing (General Responsibilities)
As GRC Data Analyst, you will own and evolve the operational core of Lendistry's compliance program, including:

The Lendistry control library — a single, framework-mapped source of truth for how we meet SOC 2, GLBA, SBA, state lending, and CCPA/CPRA obligations.

The evidence automation layer — the integrations and workflows that keep control evidence fresh without burning out the team.

The GRC reporting stack — dashboards and narratives for the CISO, executive leadership, and the Board; audit packages for external parties.

The vendor risk program — a defensible, documented record of who touches our data, how, and with what controls in place.

The risk register — kept current, kept honest, and tied to real mitigation commitments.

Control Management & Evidence Operations Maintain the Lendistry control inventory — SOC 2, GLBA safeguards, SBA-aligned program controls, and state lending controls — mapped across…