Senior GRC Analyst
$150,000–$185,000 per year
Remote · United States
Job Summary
Senior GRC Analyst responsible for owning Doppler's security and compliance program, maintaining SOC 2 Type II and ISO 27001 certifications, leading the next certification initiatives, and acting as the internal expert and external face of security for enterprise customers. The role owns day-to-day governance of the GRC program (Vanta), coordinates risk and controls, manages penetration testing cycles, authors security policies, supports business continuity, responds to security questionnaires and RFPs, and enables enterprise deals with a strong automation-first mindset. Requires 5+ years in security/compliance/GRC with direct ownership of SOC 2 Type II and ISO 27001 programs in a cloud product environment; hands-on experience with GRC tooling; familiarity with GDPR/PCI; strong written and verbal communication. Certifications preferred. Remote in the USA.
Required Qualifications
- 5+ years in security, compliance, or GRC with direct ownership of SOC 2 Type II and ISO 27001 programs in a cloud product environment
- Hands-on experience with Vanta (or comparable GRC platform) and automating compliance workflows
- Ability to read and interpret a pen test report and discuss control design with engineers
- Familiarity with PCI DSS and GDPR requirements; self-attestation or certification work is a strong plus
- Experience supporting enterprise sales cycles where security is a procurement requirement
- Excellent communication skills across audiences, ability to brief leadership and engineers
- Relevant certifications (CISA, CISSP, CISM, CRISC, or equivalent) preferred