Senior GRC Analyst
Listed on 2026-06-18
-
IT/Tech
Cybersecurity, Information Security
About This Role
We’re seeking a GRC Analyst to support the day-to-day execution of our Governance, Risk, and Compliance program. Reporting to the Head of GRC, this role focuses on operational compliance activities; including user access reviews, evidence collection, customer trust support, and vendor risk management.
You’ll play a key role in maintaining our continuous compliance posture by supporting audits, updating policies, responding to customer security inquiries, and helping improve processes within our GRC platform. The ideal candidate is detail-oriented, organized, and proactive, with a strong interest in improving efficiency through automation and AI tools.
What You’ll Be Working OnSupporting User Access Reviews (UARs) across systems and applications on a recurring schedule
Monitoring completion of security awareness training and following up with teams as needed
Assisting in maintaining and updating organizational security policies and standards
Supporting third-party security assessments and vendor risk management processes
Collecting, organizing, and preparing audit evidence for SOC 2, ISO 27001, HIPAA, and other frameworks
Partnering with internal teams to ensure evidence is accurate, current, and audit‑ready
Responding to customer security questionnaires and due diligence requests with guidance from senior team members
Maintaining and updating audit and compliance documentation
Supporting updates and improvements within the GRC platform, including control tracking and workflows
Identifying opportunities to streamline and improve GRC processes
Leveraging AI tools to streamline GRC activities, including drafting responses, summarizing evidence, and enhancing program documentation
Tracking compliance tasks and supporting reporting on control health and program status
5-7 years of experience in GRC, information security, IT audit, or a related compliance role
Foundational knowledge of compliance frameworks such as SOC 2, ISO 27001, HIPAA, or NIST CSF
Experience working with GRC platforms (Vanta preferred; Drata, Audit Board, or similar tools also valued)
Hands‑on experience performing user access reviews, vendor risk assessments, or audit support activities
Familiarity with customer security questionnaires and customer trust processes
Comfort using AI tools (e.g., Gemini, Claude, Copilot) to improve efficiency in day‑to‑day work
Certifications such as Security+, CISA (in progress), or ISO 27001 foundations
Exposure to cloud environments (GCP preferred; AWS/Azure helpful)
Experience with policy management or security awareness training tools
Interest in AI governance, risk, or emerging compliance frameworks
Competitive compensation and equity packages
Restricted Stock Units
Paid time off, paid holidays & leave of absence programs
Comprehensive health, dental & vision insurance
Employer contributions to HSA account
Paid parental leave
Paid life insurance, short-term and long-term disability
Professional development & tuition reimbursement
Mental health & wellness support
Commuter benefits (parking & transit)
Cell phone stipend
401(k) retirement plan with company match up to 4% of salary
Volunteer time off
Global travel insurance & emergency assistance
Daily meals allowance
Additional perks & programs specific to location
Compensation will be paid in the range of up to $130,000 - $150,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicants knowledge, education, and abilities, as well as internal equity and alignment with market data.
Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/ orientation, gender identity, age, veteran status, national origin or any other status protected by law or regulation.
#J-18808-Ljbffr(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).