Governance, Risk, and Compliance Analyst
You.com · San Francisco, CA · 3 wk ago
HybridLegal$150k–$180k/yrFull-time
About the role
We are seeking a GRC Analyst to join our Security, IT, and Privacy function. This role will own and manage compliance programs across frameworks including SOC 2, ISO 27001, GDPR, CCPA, HIPAA, and FedRAMP. The goal is to earn and keep the trust of our customers by translating security and risk into actionable controls and processes.
Responsibilities
- Own and manage compliance programs across frameworks including SOC 2, ISO 27001, GDPR, CCPA, HIPAA, and FedRAMP
- Coordinate audit activities end-to-end: evidence collection, documentation, auditor responses, and remediation tracking
- Leverage AI and other tools to deliver metrics that stakeholders can consume and understand
- Conduct vendor and third-party risk assessments; manage the due diligence lifecycle for new and existing partners
- Help manage security and risk reviews (e.g. DDQs, VSQs) as part of the procurement process in collaboration with the Legal, Finance, and Security team
- Assist with building and maintaining compliance policies, procedures, and supporting documentation for security and compliance
- Translate regulatory and contractual requirements into actionable controls and processes
- Monitor the evolving regulatory landscape (especially AI-specific regulations) and flag relevant obligations
- Track open compliance items and proactively drive them to closure across stakeholders
Requirements
- 3–5 years of experience in GRC, Information Security compliance, or a related field
- Hands-on experience with SOC 2 or ISO 27001 audits, including evidence collection and gap assessments
- Familiarity with privacy regulations: GDPR, CCPA, and ideally emerging AI regulatory frameworks (EU AI Act, etc.)
- Experience managing vendor risk assessments and third-party due diligence processes
- Strong written and verbal communication skills. Can explain compliance requirements to engineers and legal concepts to product managers
- Highly organized, able to manage multiple workstreams and deadlines without dropping the ball
- Comfortable working independently in a fast-paced environment with limited process overhead
- Leverage AI to help build automation and data analysis workflows for reporting and tracking
Skills
- Experience at an AI or search company
- Familiarity with data broker or data licensing compliance
- CISA, CISM, or CRISC
Benefits
- Salary Band $150,000—$180,000 USD
- Company Perks: Hubs in San Francisco and New York City offering regular in-person gatherings and co-working sessions
- Flexible PTO with U.S. holidays observed and a week shutdown in December to rest and recharge
- A competitive health insurance plan covers 100% of the policyholder and 75% for dependents
- 12 weeks of paid parental leave in the US
- 401k program, 3% match - vested immediately
- $500 work-from-home stipend to be used up to a year of your start date
- $600 technology stipend to support a portion of our hybrid/remote team's cell phone and internet expenses
- $1,200 per year Health & Wellness Allowance to support your personal goals
- The chance to collaborate with a team at the forefront of AI research