More jobs:
Governance, Risk, Compliance & Trust Analyst
Job in
Oakland, Alameda County, California, 94616, USA
Listed on 2026-07-06
Listing for:
Menlo Ventures
Full Time
position Listed on 2026-07-06
Job specializations:
-
IT/Tech
Information Security, Cybersecurity, IT Business Analyst
Job Description & How to Apply Below
Job Overview
At Everlaw, our mission is to promote justice by illuminating truth. We build technology that helps legal teams find the information they need to achieve their truth‑finding goals. As a GRCT Analyst, you will independently drive moderately complex trust, compliance, and risk work streams that help Everlaw scale responsibly and earn customer and regulator trust over time.
Compliance Support- Audit readiness across core frameworks such as FedRAMP, SOC2, and ISO
27001/27017/27018 by organizing evidence, maintaining documentation quality, and partnering with control owners to close gaps. - Manage compliance operations requiring structured follow‑through, including evidence requests, policy and procedure updates, control narrative maintenance, and recurring review cycles.
- Partner cross‑functionally with Security Engineering, Dev Ops, IT, Legal, People, Procurement, and other stakeholders to gather inputs, validate implementation details, and produce audit‑ready or stakeholder‑ready outputs.
- Maintain strong execution against defined compliance SLAs, milestones, and recurring obligations, escalating risks early and driving issues through resolution.
- Translate technical, operational, and regulatory topics into clear written deliverables for internal and external audiences, including concise summaries of requirements, risks, tradeoffs, and recommendations.
- Support internal risk and governance processes, including security impact analyses, change‑related compliance reviews, and other structured review workflows as assigned.
- Contribute to the ongoing operation of the Public Sector Clearance Program, guiding new cohorts, maintaining status, tracking open issues, and communicating program updates to Everlaw stakeholders.
- Manage customer security questionnaires, trust inquiries, and related diligence requests with minimal supervision, including researching answers, validating claims, gathering evidence, and producing accurate, customer‑ready responses.
- Maintain and improve customer‑facing trust content across repositories, trust portals, knowledge resources, and standard response libraries to enable consistent and efficient recurring requests.
- Partner closely with Security Engineering, Dev Ops, Legal, GTM, Product, IT, and other stakeholders to collect inputs, resolve ambiguities, and ensure trust responses reflect current implementation and approved positioning.
- Help maintain strong execution against trust‑related SLAs and operating expectations, including turnaround time, response quality, and internal coordination on high‑priority or high‑visibility requests.
- Identify gaps, inconsistencies, or stale content in trust materials and proactively drive updates so that customer‑facing representations remain accurate, supportable, and easy to reuse.
- Support broader trust enablement initiatives, including trust center improvements, evidence library maintenance, standardization of response content, and process improvements that reduce manual effort and rework.
- Use workflow data and request trends to identify recurring customer concerns, bottlenecks, and improvement opportunities, then recommend practical changes to content, process, or tooling.
- Own end‑to‑end delivery of moderately complex vendor review work streams, including intake review, scoping, dependency management, stakeholder coordination, and timely completion with limited oversight.
- Conduct security and compliance reviews of third parties by gathering and analyzing documentation such as security questionnaires, architecture details, data flow information, attestations, policies, and contractual commitments.
- Evaluate vendor security posture against Everlaw requirements for confidentiality, integrity, availability, privacy, access control, incident response, change management, and regulatory obligations.
- Partner with Procurement, Legal, Security Engineering, IT, business owners, and other stakeholders to validate proposed use cases, clarify data access patterns, and ensure risks are understood before onboarding or renewal decisions are made.
- Help determine whether vendor controls, architecture, access models, and contractual terms are…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×