Governance, Risk & Compliance (GRC) Analyst
Ivo · San Francisco, CA · 2 wk ago
On-siteLegal$135k–$165k/yrFull-time
Role Overview
The role of GRC Analyst at Ivo supports the company's compliance, risk management, and security assurance initiatives. This role plays a key part in maintaining and enhancing Ivo's compliance programs, including SOC 2 Type II, ISO 27001, CSA STAR, and ISO/IEC 42001.
Responsibilities
- Support and coordinate Ivo's compliance programs including SOC 2 Type II, ISO 27001, CSA STAR, and in-depth knowledge of ISO/IEC 42001.
- Assist with annual audits, surveillance audits, and customer security assessments.
- Cook up evidence collection and maintain audit readiness across teams.
- Support and maintain Ivo's Vanta GRC platform and associated compliance workflows.
- Monitor automated compliance evidence collection and control monitoring within Vanta.
- Support vendor and third-party risk assessments.
- Support enterprise risk management and risk register maintenance.
- Maintain and update security policies, standards, and procedures.
- Support AI governance and responsible AI compliance initiatives.
Required Qualifications
- 3–5 years of experience in Governance, Risk & Compliance (GRC), Information Security, IT Audit, or related field.
- Hands-on experience supporting SOC 2 Type II, ISO 27001, CSA STAR, and in-depth knowledge of ISO/IEC 42001.
- Experience administering or working extensively with Vanta or similar GRC/compliance automation platforms.
- Experience managing and maintaining a customer-facing Trust Center, including security documentation, compliance artifacts, sub-processor disclosures, and customer assurance materials.
- A strong understanding of information security principles and common security controls.
- Experience with audits, evidence management, and customer security reviews.
- Excellent written and verbal communication skills.
Preferred Qualifications
- Experience working at a SaaS or AI company.
- Familiarity with GDPR, CCPA, privacy regulations, and third-party risk management.
- Knowledge of cloud environments such as GCP, AWS, or Azure.
- Relevant certifications such as Security+, CISA, CRISC, CCSK, or ISO 27001 Lead Implementer/Auditor.
What We're Looking For
- Strong attention to detail and accountability.
- Collaborative mindset with strong cross-functional communication skills.
- Ability to translate compliance requirements into practical operational processes.
- Interest in emerging AI governance and security frameworks.
- Self-starter mentality with a continuous improvement mindset.
Compensation And Benefits
- Competitive salary ($135k - $165k) and equity package.
- Comprehensive health, dental, and vision coverage.
- Flexible PTO.
- Collaborative onsite work environment (5 days) at Ivo's San Francisco headquarters.
- Opportunity to help shape the security and compliance foundation of a rapidly growing AI company.
About Ivo
Ivo is the contract intelligence platform of choice for companies like Uber, Meta, Canva, IBM, and Shopify. We recently raised our Series B and have grown 800% over the last 12 months. Ivo is seeking a detail-oriented and proactive GRC Analyst to support the company's compliance, risk management, and security assurance initiatives.