You will report to the VP of Information Security.
Own the day-to-day operation and continuous improvement of Aya’s enterprise GRC program, with a focus on modernization and scale.
Serve as the primary owner of ServiceNow GRC / IRM, driving configuration, optimization, and adoption across the organization.
Design and evolve how regulatory and framework requirements are translated into scalable, automated controls and workflows.
Lead compliance efforts for SOC 2 and ISO/IEC 27001:2022, including readiness activities, audit execution support, and remediation tracking.
Establish clear control ownership, traceability, and audit-ready documentation that teams can confidently operate against.
Champion a compliance automation mindset, improving automated control testing, evidence collection, reporting, and dashboards to reduce manual effort and operational friction.
Collaborate with ServiceNow platform and engineering partners to ensure GRC solutions are scalable, supportable, and well-integrated.
Build and use dashboards and metrics to communicate compliance posture, trends, and risk insights to leadership.
Manage, coach, and develop a team of compliance analysts, setting clear expectations, accountability, and quality standards while supporting career growth.
Act as a trusted GRC partner across Security, IT, Engineering, Finance, Legal, and Privacy, translating risk and compliance concepts into business‑relevant language that enables action.

Requirements

5+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, or related disciplines.
2+ years of hands-on, delivery ownership experience with ServiceNow GRC / IRM, beyond end‑user or evidence‑submission activity. Experience should include administrative or configurator‑level responsibilities such as control and framework mapping, workflow design, automated evidence collection or control testing, and reporting or dashboard creation.
Demonstrated experience running or materially contributing to a GRC program, with an emphasis on modernization, scalability, and continuous improvement.
Strong working knowledge of SOC 2 and ISO/IEC 27001:2022.
Proven experience leading or mentoring compliance analysts, with strong written and verbal communication skills and the ability to influence across teams.

Benefits

Free premium medical, dental, life and vision insurance
Generous 401(k) match
Aya also offers other benefits to those that are eligible and where required by applicable law, including reimbursements and discretionary bonuses
Aya provides paid sick leave in accordance with all applicable state, federal, and local laws. Aya’s general sick leave policy is that employees accrue one hour of paid sick leave for every 30 hours worked. However, to the extent any provisions of the statement above conflict with any applicable paid sick leave laws, the applicable paid sick leave laws are controlling
Celebrations! We hit our goals and reward ourselves.
Company-sponsored virtual events, happy hours and team-building activities are always on the horizon — plus, you get a special treat on your birthday!
Unlimited DTO — we believe in time off!
Virtual yoga, meditation or boot camp classes offered daily

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Governance, Risk, and Compliance (GRC)ServiceNow GRCServiceNow IRMcontrol mappingworkflow designautomated evidence collectioncontrol testingreportingdashboard creationcompliance automation

Soft Skills

leadershipmentoringwritten communicationverbal communicationinfluencingcollaborationaccountabilityquality standardscareer growth supportclear expectations

Certifications

SOC 2ISO/IEC 27001:2022