Subsplash · 4 weeks ago

Sr. GRC Analyst

$95,000–$105,000 per year

Remote · Arizona, United States or Texas, United States

Type: Full Time
Level: Senior Level
Education: Not Specified
Company size: Unknown
Industry: Software Services

Job Summary

Senior GRC Analyst to lead security and risk operations for Subsplash, driving PCI DSS and SOX compliance, data governance, and control maturation. You will manage PCI DSS audits, map data flows (PII/PCI) and maintain RoPA, mature multiple frameworks (PCI DSS, NIST CSF), and deliver GRC reporting. The role is responsible for user access governance (UAR, Joiner/Mover/Leaver), implementing a year-round Security Awareness Training program including phishing simulations, and overseeing risk and vendor management (TPRM). The role emphasizes AI tooling to scale GRC workflows, automated evidence collection, and leadership collaboration across IT and Engineering. Location: 100% remote within approved U.S. states; salary range $95,000–$105,000 per year. Requires 3–5 years in GRC/InfoSec/Audit, PCI DSS mastery, data governance experience, strong IAM/SoD/ITGC experience, SOX control testing collaboration with internal audit, and experience with AI-enabled GRC tools.

Required Qualifications

  • 3–5 years of dedicated experience in GRC, Information Security, or Audit (FinTech or Financial Services industry experience is highly preferred)
  • Deep practical knowledge of PCI DSS requirements and controls
  • Experience performing Data Mapping exercises and maintaining RoPA (Records of Processing Activities)
  • Proven experience managing phishing platforms (e.g., KnowBe4, Mimecast, or Vanta-integrated tools) and developing security training curricula
  • Experience managing formal access review cycles and identity governance processes
  • Experience administering a GRC platform with automated evidence collection, control monitoring, and access review workflows (Vanta is a significant advantage)
  • Experience with SOX IT General Controls (ITGCs) including change management, logical access, computer operations controls, and segregation of duties (SoD)
  • Demonstrated experience using AI tools to improve GRC workflows, automate reporting, or accelerate evidence collection and analysis

Additional Requirements

  • Location-based restrictions apply: role available only to individuals residing in allowed U.S. states as listed in the Location section