iVerify

Senior Analyst – Governance, Risk, Compliance

full-time

Location Type: Remote

Location: Remote • 🇺🇸 United States

Job Level

Senior

About the role

  • Lead and support Governance, Risk, and Compliance (GRC) initiatives, including policy development, control assessments, and audit readiness.
  • Own and manage responses to customer and vendor security questionnaires, ensuring timely, accurate, and consistent communication.
  • Collaborate with cross-functional teams (Security, Finance, Engineering, Product, and Sales) to maintain compliance with frameworks such as SOC 2, ISO 27001, and GDPR.
  • Support third-party risk management activities, including vendor assessments and remediation tracking.
  • Monitor regulatory and compliance developments to ensure internal policies and controls remain current.
  • Assist in preparing evidence for internal and external audits and certifications.
  • Contribute to security awareness and training programs.
  • Manage GRC operations, maintaining policies, procedures, and evidence in Vanta to ensure continuous compliance with frameworks.
  • Review and update security controls in Vanta, ensuring all systems and integrations remain connected and compliant.
  • Monitor compliance tasks and remediation tickets in Vanta, following up with internal stakeholders to ensure timely completion.
  • Respond to customer and vendor security questionnaires, collaborating with Product, Engineering, and Legal teams for accurate and efficient responses.
  • Prepare and organize audit evidence for compliance and privacy, ensuring readiness for internal and external audits.
  • Conduct regular risk assessments, document findings, and track mitigation efforts.
  • Support third-party risk management – perform vendor reviews/assessments, track projects, and follow up on remediation actions.
  • Monitor regulatory updates and recommend changes to internal policies or controls as needed.
  • Assist with security awareness training and ongoing employee compliance efforts.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Business, or a related field (Master’s degree a plus).
  • 5+ years of experience in information security, risk management, or compliance.
  • Prior experience in a Big Four consulting firm or similar professional services environment preferred.
  • Strong understanding of security frameworks (SOC 2, ISO 27001, NIST, GDPR, etc.).
  • Excellent written and verbal communication skills — especially in translating technical details into clear, business-focused language.
  • Demonstrated experience responding to security questionnaires and due diligence requests.
  • Highly organized, detail-oriented, and able to manage multiple priorities in a remote environment.

Benefits

  • Diversity, Equity, and Inclusion
  • Inclusive workplace and community

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

  • Governance, Risk, and Compliance (GRC)
  • policy development
  • control assessments
  • audit readiness
  • third-party risk management
  • risk assessments
  • security frameworks
  • security questionnaires
  • remediation tracking
  • compliance monitoring

Soft skills

  • communication skills
  • organizational skills
  • detail-oriented
  • ability to manage multiple priorities
  • collaboration
  • training and awareness
  • translating technical details
  • timely communication
  • problem-solving
  • stakeholder management

Certifications

  • Bachelor’s degree in Information Security
  • Bachelor’s degree in Computer Science
  • Bachelor’s degree in Business
  • Master’s degree in related field