We are looking for a GRC Senior Analyst to own and scale our Governance, Risk, and Compliance function within a fast-growing product company. This is a key role responsible for ensuring compliance with SOX, ISO 27001, and GDPR, while enabling the business to move fast in a secure and controlled way.
You will act as the main driver of our compliance strategy, working cross-functionally with Engineering, Security, Legal, Finance, and Product teams.
What you will do
Own and lead the company’s GRC implementation across ISO 27001 and GDPR.
Build and manage the Information Security Management System (ISMS) aligned with ISO 27001.
Ensure GDPR compliance across all data processing activities, including data mapping, data leaks, and encryptions.
Act as the primary point of contact for auditors and prepare the company for ISO audits.
Identify compliance gaps and drive remediation plans with technical and non-technical teams.
Develop governance policies, procedures, and risk management frameworks.
Partner closely with Engineering and Security teams to embed controls into systems and SDLC processes.
Monitor regulatory and compliance changes and translate them into actionable requirements.
Mandatory Requirements
8+ years of experience in GRC, Risk, Compliance, or IT Audit roles
5+ years of strong hands-on experience with ISO 27001 and experience managing or supporting ISMS implementation.
3+ years of practical experience with GDPR data mapping, reviewing systems from the tech side.
5+ years of experience from a product tech company with global client reach in the US & EU (companies above 100 people).
Experience working with internal and external auditors
Very strong stakeholder management and communication skills across technical and non-technical teams.
Fluent English
Nice to have
Familiarity with cloud environments (AWS, GCP, Azure).
Security certifications (CISA, CISM, ISO 27001 Lead Implementer/Auditor).
Other security experience.
#LI-ML3
Sandisk
agility
SopraSteria1
GRVTY
METGroup
thoughtspot