×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security Data Security IT Support

GRC Analyst

Job in Irvine, Orange County, California, 92618, USA
Listing for: Ease, Inc
Full Time position
Listed on 2026-06-20
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Support
Salary/Wage Range or Industry Benchmark: 110000 - 135000 USD Yearly USD 110000.00 135000.00 YEAR
Job Description & How to Apply Below
Ease is hiring a GRC Analyst to support our governance, risk, and compliance program as we mature our security posture and expand into new compliance frameworks. This is a hands-on role at the intersection of security, engineering, and the business - you'll be the operational engine behind how Ease maintains its compliance commitments and earns customer trust.

You'll work closely with our security engineers and an external CMMC consultant to keep our SOC 2 program healthy, advance our CMMC Level 2 readiness, and bring rigor to how we assess applications, AI tools, and vendors before they enter the environment.

Position Summary
You will be the day-to-day driver of compliance work 'll support our SOC 2 Type II cycle, conduct security and privacy reviews of new applications and AI tools, run our vendor risk intake, and partner with our CMMC consultant on Level 2 implementation tasks. As we adopt a GRC platform, you'll help drive the rollout and become its primary administrator.

You are organized, methodical, and a strong written communicator. You can pick up technical concepts quickly, work alongside security engineers without getting lost in the details and turn the messy reality of compliance work into clean process and clear evidence. You enjoy the mix of audit work, project management, and stakeholder communication that comes with GRC.

Position Location: Hybrid - 3 days in Irvine office

Annual Salary Range: $110,000 - $135,000

What You'll Do
  • Support the SOC 2 program. Drive day-to-day execution of the annual Type II cycle, including evidence collection, control walkthroughs, gap remediation tracking, and auditor support.
  • Partner on CMMC Level 2 implementation. Work alongside our external CMMC consultant and security engineers on System Security Plan (SSP) development, CUI scoping, evidence collection, and C3

    PAO assessment readiness.
  • Assess applications and AI tools. Conduct security and privacy reviews on new applications, AI/ML services, and other tools before they enter the environment. Maintain an inventory of AI tools and contribute to our AI governance work.
  • Run vendor and third-party risk intake. Own the vendor security review process, complete questionnaires, and maintain the vendor risk register.
  • Maintain policy and procedure. Help author and maintain our security policy library so it stays aligned with SOC 2, CMMC, and how we actually operate.
  • Support the risk register. Contribute to formal risk assessments and keep the enterprise risk register current.
  • Coordinate audit and assessment logistics. Manage evidence requests during audits, schedule walkthroughs, run quarterly access reviews, and track remediation items through closure.
  • Administer our GRC platform. Help select and roll out our GRC platform then own day-to-day administration including integrations, control mapping, and evidence automation.
  • Drive compliance through Jira. Create, route, and monitor security and compliance tickets and partner with engineering on remediation timelines.
  • Audit change management hygiene. Monitor engineering Jira queues to ensure tickets meet our compliance formatting and content standards, verify that pull requests are properly linked to Jira tickets, and confirm required notes and documentation are captured for each change.
  • Support customer trust. Respond to customer security questionnaires and help maintain our trust center content.
  • Run security awareness. Manage the employee security awareness program, including training assignments, phishing simulations, and completion tracking.
Required Qualifications & Skills
  • 3+ years of experience in a GRC, security compliance, IT audit, or closely related role.
  • Hands-on experience contributing to SOC 2, ISO 27001, HIPAA, or similar compliance program work.
  • Working knowledge of cloud and SaaS security concepts (AWS, Azure, or GCP, plus the common SaaS stack).
  • Experience completing vendor security assessments and customer security questionnaires.
  • Comfortable working in Jira and other engineering tooling.
  • Strong written communication, with the ability to write clearly for both engineering and non-technical audiences.
  • Strong attention to detail and a methodical approach to…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search