Lead Governance, Risk, and Compliance; GRC Analyst

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Morrison & Foerster LLP
Full Time position
Listed on 2026-01-12
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Business Analyst
Salary/Wage Range or Industry Benchmark: 250,000 USD yearly
Job Description & How to Apply Below
Position: Lead Governance, Risk, and Compliance (GRC) Analyst

Position Type:
Information Technology

Job Overview

At MoFo, we couldn't write our own success story without yours. Ready to write your story?

Join MoFo as a LEAD GRC ANALYST on our Information Technology team!

This role can be based in San Francisco, Palo Alto, Los Angeles, San Diego, Denver, Austin, Boston, New York or Washington, D.C.

ABOUT THE ROLE

The Lead Governance, Risk, and Compliance (GRC) Analyst is responsible for managing the firm’s information security governance, risk, and compliance program. This role serves as the operational lead for maintaining ISO 27001 certification, managing client and vendor audits, overseeing policy governance, and ensuring continuous audit readiness across all systems and jurisdictions. The ideal candidate will be a subject matter expert in information security controls and audit practices, with deep experience in ISO 27001, NIST, and related frameworks.

This position requires strong leadership, collaboration, and communication skills, along with the ability to engage effectively with senior leadership, clients, and external auditors.

Governance, Risk & Compliance

  • Lead and manage the firm’s Information Security Management System (ISMS) to maintain ISO 27001 certification and ongoing compliance.
  • Develop, implement, and monitor controls aligned with ISO 27001, NIST 800-53, DOJ, and CISA EO 14117 frameworks.
  • Serve as the primary liaison for internal, external, client, and vendor security audits, including documentation, evidence, and remediation tracking.
  • Manage the firm’s compliance calendar and ensure timely completion of assessments, certifications, and audits.
  • Improve compliance processes through automation, standardized evidence tracking, and enhanced reporting.
  • Oversee the governance and maintenance of security and privacy policies to ensure alignment with frameworks and regulatory requirements.
  • Conduct risk assessments and document mitigation strategies.
  • Collaborate with IT, Legal, Privacy, and business units to ensure consistent control implementation and reporting.
  • Track and report key performance metrics to measure compliance posture and program maturity.

Audit and Compliance Leadership

  • Manage all phases of ISO, client, and vendor audit cycles, from scoping to evidence delivery.
  • Engage with auditors, clients, and stakeholders to explain controls, policies, and security practices.
  • Maintain continuous audit readiness and coordinate corrective actions and improvement plans as needed.

Policy and Documentation Management

  • Maintain ISMS documentation, control inventories, and audit evidence repositories.
  • Review and update policies, procedures, and standards for clarity and alignment with business and legal requirements.
  • Prepare executive-level reports summarizing compliance posture and audit outcomes.

Program Maturity and Process Improvement

  • Identify opportunities to enhance compliance operations through process and technology improvements.
  • Lead initiatives to automate control monitoring and evidence collection.
  • Stay current on evolving regulatory requirements and advise leadership on necessary updates.

Client Service and Confidentiality

  • Serve as the primary client-facing representative for security and compliance inquiries.
  • Ensure timely and professional communication during client and vendor audit engagements.
  • Uphold firm confidentiality standards and elevate potential data protection or compliance incidents as required.

ABOUT YOU

  • Bachelor’s degree or higher in Information Technology, Cybersecurity, Business, or a related field.
  • 7-10 years of experience in information security governance, risk, and compliance roles.
  • Proven success managing ISO 27001 programs, client security audits, and vendor assessments.
  • Deep knowledge of ISO 27001 and NIST 800-53 frameworks; familiarity with DOJ and CISA EO 14117 guidance preferred.
  • Demonstrated ability to operate independently, lead audit activities, and manage complex compliance programs.
  • Strong background in control design, mapping, and governance documentation.
  • Required certifications: CISSP, CISA, or equivalent.
  • Preferred certifications: ISO 27001 Lead Auditor or Lead Implementer, CISM, or…