Governance, Risk, and Compliance; GRC Senior Analyst

Governance, Risk, and Compliance (GRC) Senior Analyst

About Fulcrum

We operate at the intersection of technology and law, in an industry that demands agility and innovation. Our team is dedicated to developing advanced solutions for legal professionals. Our daily work involves tackling intricate challenges, providing reliable, efficient, and smart solutions for legal experts across the globe. Join us in reshaping the legal landscape with groundbreaking technology.

About the Role

We are seeking an experienced Governance, Risk, and Compliance (GRC) Senior Analyst to join our Info Sec team. This role will be instrumental in maintaining and enhancing our organization's compliance posture across multiple regulatory frameworks and industry standards. The ideal candidate will have deep expertise in compliance management, risk assessment, and audit coordination, with a proven track record of successfully managing complex compliance programs.

Compliance Program Management

• Lead continuous compliance and operating effectiveness across SOC 1, SOC 2, ISO/IEC 27001, ISO/IEC 42001, and CSA Star Level 2 certification programs.
• Prepare policy, procedures, and control design updates to ensure ongoing compliance with applicable standards and frameworks.
• Monitor regulatory changes and emerging compliance requirements, assessing impact and recommending necessary updates to Fulcrum’s policies and control activities.
• Conduct risk assessments to identify, analyze, and prioritize organizational risks.
• Develop and maintain risk registers and oversee progress on risk treatment plans.
• Collaborate with business units to ensure risk management practices and control activities are integrated into operational processes.
• Track and report on key risk indicators (KRIs) and compliance metrics.

Control Framework Development

• Ensure that the design of control activities is documented accurately and recommend ongoing improvements to Fulcrum’s control catalog.
• Obtain, assess, and maintain control activity evidence for audit readiness.
• Support remediation efforts for identified control gaps and deficiencies.

Audit and Assessment Coordination

• Prepare audit documentation and corrective action plans as necessary.
• Track remediation activities and ensure timely closure of audit findings.

Stakeholder Collaboration

• Partner with cross-functional teams including IT, Legal, and Business Development to advance compliance initiatives
• Provide guidance to Fulcrum GT staff on compliance requirements and best practices.
• Communicate compliance status, risks, and recommendations to senior leadership.
• Serve as a subject matter expert on GRC matters across the organization

• Bachelor's degree in Information Security, Computer Science, Business Administration, Risk Management, or a related field.

• Minimum 3-5 years of experience in governance, risk, and compliance roles.
• Demonstrated experience managing multiple compliance frameworks simultaneously.
• Proven track record of successfully leading audit readiness and certification efforts.
• Experience working with external auditors and certification bodies.

• Strong understanding of information security principles, practices, and technologies.
• In-depth knowledge of risk management methodologies and frameworks (e.g., NIST CSF, COBIT).
• Familiarity with GRC tools and platforms (experience with Vanta a plus).
• Understanding of cloud security and international privacy considerations.

Professional Certifications (One or more of the following)

• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• Certified in Governance of Enterprise IT (CGEIT)

• Full-time