GRC Analyst

We believe everyone deserves access to affordable and simple legal services. Founded in 2008, Rocket Lawyer is the largest and most widely used online legal service platform in the world. With offices in North America, South America, and Europe, Rocket Lawyer has helped over 30 million people create over 50 million legal documents, and get their legal questions answered.

We are in a unique position to enhance and expand the Rocket Lawyer platform to a scale never seen before in the company’s history, to capture audiences worldwide. We are expanding our team to take on this challenge!

Rocket Lawyer to rapidly grow its business into the legal tech world, leveraging our quickly developing AI technology. As part of this continued growth, more analysis is made by each of our customers on Rocket Lawyer’s security practice from a GRC standpoint. Additionally, as we continue to grow, our risk profile grows and must be managed appropriately.

Rocket Lawyer is looking for a motivated individual with a strong fundamental understanding of GRC to mature our program, along with the continued company growth. In 2025, we established our first proper GRC function on our journey to obtaining our first SOC2 Type II certification as a business. In 2026, we plan to obtain an ISO 27001 certification in addition to streamlining and building out all of our controls, as well as more closely staying on top of company risks.

• Assist in identifying, assessing, and tracking risks across IT and enterprise functions.
• Maintain risk register in GRC and CRQ tools, ensuring business understanding of all existing risks.
• Perform threat modeling across different business applications.
• Support maintenance of the enterprise risk register and dashboards used by leadership.

• Help draft, organize, and maintain policies, standards, and procedures.
• Analyze, recommend, and implement security best practices.
• Support compliance awareness campaigns and training that promote a culture of risk accountability.

• Learn and assist in mapping controls to frameworks such as SOC2 , NIST CSF , COBIT , ISO 27001, GDPR , CCPA , and ISO 42001.
• Crosswalk and harmonize controls across multiple compliance frameworks.
• Support tracking and validation of control effectiveness through GRC tools or reports.

• Partner with security leadership to prepare reports, metrics, and presentations for management.
• Contribute to meetings with stakeholders across Legal, Finance, IT, and Operations.
• Work with sales teams to respond to customer questionnaires for RL Security.
• Responsible for reviewing vendor risk profiles and approving vendors for use at Rocket Lawyer.

• Provide day-to-day administrative and research assistance to the security team.
• Demonstrate initiative, curiosity, and a commitment to learning risk and compliance fundamentals.

• While GRC is the primary focus of this role, Rocket Lawyer’s security team must be nimble and cross-trained across multiple disciplines.
• You will likely be asked to learn tools that are not focused on GRC to provide backup if other team members are not around, or to just expand your knowledge and provide additional coverage.
• All team members are expected to join team calls and contribute to the team’s overall success, regardless of whether a given topic is specific to their titled role.

• Bachelor’s or Graduate degree in Cybersecurity, Information Systems, or a related field, or relevant job experience.
• 1-3 yearsof relevant experience (cybersecurity, audit, risk, compliance, GRC ).
• Solid understanding of fundamental security and IT concepts (access controls, data retention, change management, etc.).
• Familiarity with major security and privacy frameworks (ISO, NIST , SOC 2, HIPAA , etc.).
• Strong critical thinking, organization, and communication skills.
• Ability to balance multiple projects and deadlines with exceptional follow-through.
• Technical aptitude — you’re curious, you learn fast, and you don't shy away from…