Our client is a platform that connects companies with skilled service professionals for exceptional on-site work. They are looking for a Senior Information Security Analyst to lead and scale their compliance program, including SOC 2 and ISO 27001. The role requires a technical GRC professional who partners directly with engineering, product, and business teams to embed security into how our client builds and ships software.
Requirements
- Own our client's security compliance programs (SOC 2 & ISO 27001) end to end, from control design through remediation tracking and auditor coordination.
- Serve as the GRC point of contact for client staff, customers, prospects, and auditors.
- Replace manual compliance workflows with automated evidence collection pipelines, control monitoring, and reporting systems.
- Design and operate the vendor risk management program, including assessment methodology, risk tiering, and ongoing monitoring through the use of automation and/or AI.
- Translate compliance framework requirements into tailored technical specifications that engineering teams can implement without friction.
- Identify and implement opportunities to use AI and LLM tooling to accelerate GRC workflows, including security questionnaire responses, evidence analysis, policy drafting, and control gap detection.
- Monitor emerging AI regulations and governance frameworks, and assess their impact on the company's compliance obligations and product roadmap.
- Conduct risk assessments using structured methodologies, maintain the risk register, and work with control owners to prioritize remediation based on risk.
Benefits
- Gratuity
- Mobile Bill
- Medical Insurance
- Profit Sharing Bonus
- Festival Bonus
- Gym Membership
- Career Development Budget
- Annual performance evaluation and increment
- Flexible leave/vacation policy
- Employee Transportation: Drop off available