Jobs · Legal · California

Governance, Risk & Compliance (GRC) Analyst

Ivo · San Francisco, CA · 2 wk ago
On-siteLegal$135k–$165k/yrFull-time

Role Overview

The role of GRC Analyst at Ivo supports the company's compliance, risk management, and security assurance initiatives. This role plays a key part in maintaining and enhancing Ivo's compliance programs, including SOC 2 Type II, ISO 27001, CSA STAR, and ISO/IEC 42001.

Responsibilities

  • Support and coordinate Ivo's compliance programs including SOC 2 Type II, ISO 27001, CSA STAR, and in-depth knowledge of ISO/IEC 42001.
  • Assist with annual audits, surveillance audits, and customer security assessments.
  • Cook up evidence collection and maintain audit readiness across teams.
  • Support and maintain Ivo's Vanta GRC platform and associated compliance workflows.
  • Monitor automated compliance evidence collection and control monitoring within Vanta.
  • Support vendor and third-party risk assessments.
  • Support enterprise risk management and risk register maintenance.
  • Maintain and update security policies, standards, and procedures.
  • Support AI governance and responsible AI compliance initiatives.

Required Qualifications

  • 3–5 years of experience in Governance, Risk & Compliance (GRC), Information Security, IT Audit, or related field.
  • Hands-on experience supporting SOC 2 Type II, ISO 27001, CSA STAR, and in-depth knowledge of ISO/IEC 42001.
  • Experience administering or working extensively with Vanta or similar GRC/compliance automation platforms.
  • Experience managing and maintaining a customer-facing Trust Center, including security documentation, compliance artifacts, sub-processor disclosures, and customer assurance materials.
  • A strong understanding of information security principles and common security controls.
  • Experience with audits, evidence management, and customer security reviews.
  • Excellent written and verbal communication skills.

Preferred Qualifications

  • Experience working at a SaaS or AI company.
  • Familiarity with GDPR, CCPA, privacy regulations, and third-party risk management.
  • Knowledge of cloud environments such as GCP, AWS, or Azure.
  • Relevant certifications such as Security+, CISA, CRISC, CCSK, or ISO 27001 Lead Implementer/Auditor.

What We're Looking For

  • Strong attention to detail and accountability.
  • Collaborative mindset with strong cross-functional communication skills.
  • Ability to translate compliance requirements into practical operational processes.
  • Interest in emerging AI governance and security frameworks.
  • Self-starter mentality with a continuous improvement mindset.

Compensation And Benefits

  • Competitive salary ($135k - $165k) and equity package.
  • Comprehensive health, dental, and vision coverage.
  • Flexible PTO.
  • Collaborative onsite work environment (5 days) at Ivo's San Francisco headquarters.
  • Opportunity to help shape the security and compliance foundation of a rapidly growing AI company.

About Ivo

Ivo is the contract intelligence platform of choice for companies like Uber, Meta, Canva, IBM, and Shopify. We recently raised our Series B and have grown 800% over the last 12 months. Ivo is seeking a detail-oriented and proactive GRC Analyst to support the company's compliance, risk management, and security assurance initiatives.

Similar jobs