Doppel

Senior GRC Analyst

full-time

Origin: 🇺🇸 United States


Salary

💰 $120,000 - $140,000 per year

Job Level

Senior

Tech Stack

AWS, Azure, Cloud, Cyber Security, Google Cloud Platform, SDLC

About the role

  • Lead audits & certifications: Own preparation, execution, and ongoing maintenance for ISO 27001, ISO 27701, ISO 42001, and SOC 2, including gap analyses, remediation, evidence collection, auditor coordination, and management system documentation.
  • Manage enterprise risk: Operate the security and enterprise risk program, maintain the risk register, perform system/vendor/AI risk assessments, and drive remediation and risk acceptance processes.
  • Ensure control effectiveness: Design and execute control testing, track exceptions and corrective actions, and streamline compliance across frameworks (ISO, SOC 2, NIST, GDPR/CPRA, PCI, HIPAA/HITRUST).
  • Oversee access governance: Lead periodic access reviews, enforce least-privilege and joiner/mover/leaver controls, and monitor privileged account usage.
  • Drive vendor & third-party risk management: Conduct due diligence, risk tiering, contract security/privacy requirements, and ongoing monitoring of critical suppliers and partners.
  • Support customer trust: Own security and privacy questionnaires, RFP responses, and Trust Center content; engage with customers and sales teams to communicate our security posture.
  • Advance governance & privacy: Maintain the policy lifecycle, role-based training, and privacy processes.
  • Enhance resilience & reporting: Support incident response exercises, business continuity/disaster recovery testing, and deliver dashboards/metrics on risks, controls, access reviews, vendor posture, and audit readiness.

Requirements

  • 5–7+ years in GRC, audit, or risk. At least 3+ years leading ISO 27001 certification/surveillance cycles and SOC 2 Type II audits; hands‑on experience with ISO 27701 and ISO 42001 or equivalent AI governance programs.
  • Proven ownership of SOC 2 programs (scope, controls, evidence, auditor management) and continuous compliance in cloud‑first environments (AWS/Azure/GCP, SaaS).
  • Strong command of management systems (ISMS/PIMS/AIMS), Trust Services Criteria, control testing, sampling, and evidence sufficiency.
  • Practical experience running access certifications, vendor risk reviews, and customer security questionnaires/RFPs at scale.
  • Familiarity with privacy and data governance (GDPR/CPRA), and secure SDLC/change management.
  • Comfortable with GRC tooling and automation, ticketing and collaboration workflows, and basic scripting/queries to pull evidence when needed.
  • Clear communicator who can instill a culture of accountability.