Compliance Director
EEOC
Leadfull-time$124k–$207k / yearMaryland, New Jersey, Pennsylvania, Virginia, Washington · 🇺🇸 United States
Posted: 2 hours agoSource: careers-fult.icims.com
GRC Analyst – Governance, Risk, Compliance
YipitData
full-time
Posted on:
Location Type: Remote
Location: Remote • New York • 🇺🇸 United States
Visit company websiteSalary
💰 $87,000 - $100,000 per year
Job Level
JuniorMid-Level
About the role
- Ensure that DOJ/CISA compliance requirements are properly tracked, and serve as the coordination point for external audits/assessments.
- Collaborate with the Security Program Manager to manage the day-to-day execution of compliance requirements and our SOC 2 program. This includes evidence collection, control testing, and remediation tracking.
- Partner with auditors to coordinate readiness assessments, walkthroughs, and ongoing audits.
- Maintain and update our security policies, procedures, and documentation.
- Own the third-party risk management process, including vendor due diligence, risk assessments, and contract security reviews.
- Ensure that vendors meet Yipit’s security requirements and document remediation plans for identified gaps.
- Collaborate with Sales on the response process for customer and prospect security questionnaires.
- Maintain a library of standard responses and security artifacts (SOC 2 report, policies, security architecture diagrams, etc.) to streamline response efforts.
- Support risk assessments across teams and projects, documenting risks and remediation plans.
- Manage compliance evidence repositories and ensure all required documentation is audit-ready.
- Collaborate with IT, Engineering, and Operations to embed GRC practices into daily workflows.
Requirements
- Have 2–4 years of experience in GRC, security compliance, or audit roles.
- Have direct experience with SOC 2 programs, vendor risk management, or security questionnaires.
- Understand how to map controls to frameworks like NIST CSF, SOC 2, ISO 27001, or NIST 800-53.
- Are detail-oriented and thrive at organizing evidence, documentation, and workflows.
- Can manage multiple projects while meeting deadlines.
- Communicate complex security and compliance topics clearly to both technical and non-technical partners.
- Hold or are working toward relevant certifications (e.g., CISA, CISSP, CISM, CCSK, ISO 27001 Lead Implementer) – highly valued but not required.
- Have a Bachelor’s degree in Information Security, Information Systems, Computer Science, or a related field (or equivalent work experience).
Benefits
- Flexible work hours, flexible vacation, and a generous 401K match
- Parental leave, team events, wellness budget, and learning reimbursement
- Growth based on impact, not tenure or politics
- A culture built on ownership, respect, collaboration, and trust
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
GRCsecurity complianceauditSOC 2vendor risk managementNIST CSFISO 27001NIST 800-53evidence collectioncontrol testing
Soft skills
detail-orientedorganizational skillsproject managementcommunicationcollaborationproblem-solvingtime managementadaptabilitycritical thinkinginterpersonal skills
Certifications
CISACISSPCISMCCSKISO 27001 Lead Implementer
