
Senior GRC Analyst

Job in Sumter, Sumter County, South Carolina, 29150, USA
Listing for: Benepass
Full Time position
Listed on 2026-06-27
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 130000 - 160000 USD Yearly
Job Description & How to Apply Below

Location

U.S. Remote

Employment Type

Full time

Department

Engineering

Team & Role

As a Senior GRC Analyst at Benepass, you will help operate and mature the governance, risk, compliance, audit readiness, and customer assurance programs that support our business, customers, and employees. You will work across security policies, internal controls, audit evidence, risk tracking, security questionnaires, and compliance operations.

Reporting to the Head of Infosec & GRC, you will be a key individual contributor on a lean security team. You will partner closely with Security, Engineering, IT, People, Legal, Finance, Sales, Customer Success, and Product to make our security and compliance programs clear, practical, and reliable.

You are detail-oriented, organized, and pragmatic. You know how to bring structure to ambiguity, communicate clearly with technical and non-technical stakeholders, and balance compliance rigor with the speed of a growing startup.

Role Location & Travel

This remote role is based in the United States or Canada. You will be expected to attend company-wide on-site events three to four times per year, as well as occasional on-site office travel as necessary.

What You'll Do
  • Governance & Policy: Maintain and improve information security policies, standards, procedures, control documentation, and related governance materials.

  • Control Mapping: Help map policies and controls to frameworks such as SOC 2, ISO 27001/27002, HITRUST, NIST CSF 2.0, and other customer, regulatory, or security requirements.

  • Policy Operations: Support policy exceptions, risk acceptances, remediation tracking, control owner follow-ups, and recurring governance workflows.

  • Compliance & Audit Readiness: Support SOC 2, ISO 27001, and HITRUST readiness, audit preparation, evidence collection, auditor coordination, and audit response management.

  • Control Testing: Maintain recurring evidence-gathering and control testing workflows, helping ensure controls operate consistently across the business.

  • Findings & Remediation: Track audit findings, control gaps, remediation plans, owners, due dates, and closure evidence.

  • Risk Management: Support risk assessments, control gap assessments, internal reviews, and maintenance of the risk register.

  • Business Communication: Translate technical and security risks into clear business language, including mitigations, ownership, timelines, and residual risk.

  • Customer Assurance: Own or support customer security questionnaires, RFP security sections, due diligence requests, and trust or compliance documentation.

  • Response Libraries: Maintain reusable questionnaire content, approved responses, compliance artifacts, and customer-facing assurance materials.

  • Security Awareness: Support employee security awareness programs and create clear internal guidance for policies, controls, and compliance responsibilities.

  • Vendor Risk: Support vendor security reviews, third-party risk assessments, remediation tracking, risk acceptance documentation, and vendor compliance evidence.

  • Tooling & Process Improvement: Use GRC platforms such as Vanta, Drata, Thoropass, Secureframe, or similar tools to improve evidence collection, control monitoring, task tracking, reporting, and repeatable compliance operations.

What We're Looking For
  • 5+ years of experience in GRC, information security compliance, IT audit, risk management, security assurance, or a closely related field.

  • Hands-on experience supporting SOC 2 audits and readiness activities.

  • Working knowledge of ISO 27001/27002, HITRUST, NIST CSF, or similar security and compliance frameworks.

  • Experience maintaining security policies, controls, control narratives, evidence repositories, and audit documentation.

  • Experience supporting internal or external audits, including evidence collection, auditor coordination, control owner follow-up, and remediation tracking.

  • Strong written communication skills, with the ability to produce clear policies, questionnaire responses, process documentation, and stakeholder updates.

  • Excellent attention to detail and project management discipline.

  • Experience responding to customer security questionnaires, RFP security sections, or due diligence requests.

  • Familiarity…

Position Requirements
10+ Years work experience