Senior GRC Analyst
Benepass · United States · 6 days ago
RemoteRemoteBusiness Development$130k–$160k/yrFull-time
About the role
As a Senior GRC Analyst at Benepass, you will help operate and mature the governance, risk, compliance, audit readiness, and customer assurance programs that support our business, customers, and employees.
Responsibilities
- Maintain and improve information security policies, standards, procedures, control documentation, and related governance materials.
- Help map policies and controls to frameworks such as SOC 2, ISO 27001/27002, HITRUST, NIST CSF 2.0, and other customer, regulatory, or security requirements.
- Support policy exceptions, risk acceptances, remediation tracking, control owner follow-ups, and recurring governance workflows.
- Support SOC 2, ISO 27001, and HITRUST readiness, audit preparation, evidence collection, auditor coordination, and audit response management.
- Maintain recurring evidence-gathering and control testing workflows, helping ensure controls operate consistently across the business.
- Track audit findings, control gaps, remediation plans, owners, due dates, and closure evidence.
- Support risk assessments, control gap assessments, internal reviews, and maintenance of the risk register.
- Translate technical and security risks into clear business language, including mitigations, ownership, timelines, and residual risk.
- Own or support customer security questionnaires, RFP security sections, due diligence requests, and trust or compliance documentation.
- Maintain reusable questionnaire content, approved responses, compliance artifacts, and customer-facing assurance materials.
- Support employee security awareness programs and create clear internal guidance for policies, controls, and compliance responsibilities.
- Support vendor security reviews, third-party risk assessments, remediation tracking, risk acceptance documentation, and vendor compliance evidence.
- Use GRC platforms such as Vanta, Drata, Thoropass, Secureframe, or similar tools to improve evidence collection, control monitoring, task tracking, reporting, and repeatable compliance operations.
Requirements
- 5+ years of experience in GRC, information security compliance, IT audit, risk management, security assurance, or a closely related field.
- Hands-on experience supporting SOC 2 audits and readiness activities.
- Working knowledge of ISO 27001/27002, HITRUST, NIST CSF, or similar security and compliance frameworks.
- Experience maintaining security policies, controls, control narratives, evidence repositories, and audit documentation.
- Experience supporting internal or external audits, including evidence collection, auditor coordination, control owner follow-up, and remediation tracking.
- Strong written communication skills, with the ability to produce clear policies, questionnaire responses, process documentation, and stakeholder updates.
- Excellent attention to detail and project management discipline.
- Experience responding to customer security questionnaires, RFP security sections, or due diligence requests.
- Familiarity with GRC, compliance automation, or audit management tools.
- Experience in SaaS, fintech, benefits, healthcare, or other regulated environments.
- Comfort working in a startup or fast-moving environment where processes need to be mature enough to scale without creating unnecessary friction.
- Able to work with both technical and non-technical teams and communicate security and compliance expectations clearly.
Qualifications
- Certifications such as CISA, CISM, CRISC, HITRUST CCSFP, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, or Security+ are nice-to-haves.
- Experience supporting HITRUST readiness or validated assessments.
- Experience with vendor risk management or third-party security assessments.
- Experience supporting HIPAA, PCI DSS, GDPR, or other privacy and security frameworks.
- Experience at a startup or high-growth technology company.
- Familiarity with customer trust centers, security assurance portals, or reusable security response libraries.
Skills
- Detail-oriented and pragmatic.
- Ability to communicate clearly with technical and non-technical stakeholders.
- Experience in a startup or fast-moving environment.
Benefits
We offer 95% coverage of medical, dental, and vision benefits, including:
- $250 WFH setup (one time)
- $500/year Learning & Development Benefit
- $150/month cell phone + internet
- $100/month wellness
- $100/month co-working and commuter benefit
We also offer flexible PTO.
Pay
Compensation range: $130,000 - $160,000 + equity. The range is subject to change.