Jobs · Business Development

Senior GRC Analyst

Benepass · United States · 6 days ago
RemoteRemoteBusiness Development$130k–$160k/yrFull-time

About the role

As a Senior GRC Analyst at Benepass, you will help operate and mature the governance, risk, compliance, audit readiness, and customer assurance programs that support our business, customers, and employees.

Responsibilities

  • Maintain and improve information security policies, standards, procedures, control documentation, and related governance materials.
  • Help map policies and controls to frameworks such as SOC 2, ISO 27001/27002, HITRUST, NIST CSF 2.0, and other customer, regulatory, or security requirements.
  • Support policy exceptions, risk acceptances, remediation tracking, control owner follow-ups, and recurring governance workflows.
  • Support SOC 2, ISO 27001, and HITRUST readiness, audit preparation, evidence collection, auditor coordination, and audit response management.
  • Maintain recurring evidence-gathering and control testing workflows, helping ensure controls operate consistently across the business.
  • Track audit findings, control gaps, remediation plans, owners, due dates, and closure evidence.
  • Support risk assessments, control gap assessments, internal reviews, and maintenance of the risk register.
  • Translate technical and security risks into clear business language, including mitigations, ownership, timelines, and residual risk.
  • Own or support customer security questionnaires, RFP security sections, due diligence requests, and trust or compliance documentation.
  • Maintain reusable questionnaire content, approved responses, compliance artifacts, and customer-facing assurance materials.
  • Support employee security awareness programs and create clear internal guidance for policies, controls, and compliance responsibilities.
  • Support vendor security reviews, third-party risk assessments, remediation tracking, risk acceptance documentation, and vendor compliance evidence.
  • Use GRC platforms such as Vanta, Drata, Thoropass, Secureframe, or similar tools to improve evidence collection, control monitoring, task tracking, reporting, and repeatable compliance operations.

Requirements

  • 5+ years of experience in GRC, information security compliance, IT audit, risk management, security assurance, or a closely related field.
  • Hands-on experience supporting SOC 2 audits and readiness activities.
  • Working knowledge of ISO 27001/27002, HITRUST, NIST CSF, or similar security and compliance frameworks.
  • Experience maintaining security policies, controls, control narratives, evidence repositories, and audit documentation.
  • Experience supporting internal or external audits, including evidence collection, auditor coordination, control owner follow-up, and remediation tracking.
  • Strong written communication skills, with the ability to produce clear policies, questionnaire responses, process documentation, and stakeholder updates.
  • Excellent attention to detail and project management discipline.
  • Experience responding to customer security questionnaires, RFP security sections, or due diligence requests.
  • Familiarity with GRC, compliance automation, or audit management tools.
  • Experience in SaaS, fintech, benefits, healthcare, or other regulated environments.
  • Comfort working in a startup or fast-moving environment where processes need to be mature enough to scale without creating unnecessary friction.
  • Able to work with both technical and non-technical teams and communicate security and compliance expectations clearly.

Qualifications

  • Certifications such as CISA, CISM, CRISC, HITRUST CCSFP, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, or Security+ are nice-to-haves.
  • Experience supporting HITRUST readiness or validated assessments.
  • Experience with vendor risk management or third-party security assessments.
  • Experience supporting HIPAA, PCI DSS, GDPR, or other privacy and security frameworks.
  • Experience at a startup or high-growth technology company.
  • Familiarity with customer trust centers, security assurance portals, or reusable security response libraries.

Skills

  • Detail-oriented and pragmatic.
  • Ability to communicate clearly with technical and non-technical stakeholders.
  • Experience in a startup or fast-moving environment.

Benefits

We offer 95% coverage of medical, dental, and vision benefits, including:

  • $250 WFH setup (one time)
  • $500/year Learning & Development Benefit
  • $150/month cell phone + internet
  • $100/month wellness
  • $100/month co-working and commuter benefit

We also offer flexible PTO.

Pay

Compensation range: $130,000 - $160,000 + equity. The range is subject to change.

Similar jobs

Senior GRC Analyst

KokosingWesterville, OH· 1 mo ago
Business Developmentapply on kokosing.wd5.myworkdayjobs.com

Senior GRC Analyst

RadarNew York, NY· 1 wk ago
Business Development$125k–$160k/yrapply on jobs.ashbyhq.com

Senior GRC Analyst

ClaycoAtlanta, GA· 1 mo ago
Information Technology$8.1/hrapply on jobs.crelate.com

Senior GRC Analyst

PrizePicksAtlanta, GA· 5 days ago
RemoteSales$5/hrapply on prizepicks.com

Senior GRC Analyst

Morgan & Morgan, P.A.Orlando, FL· 1 wk ago
Business Developmentapply on grnh.se