Job Description:
• Serve as a staff level, cross-trained GRC expert across Compliance, Audit, and Risk, partnering with teams to strengthen trust and resilience across the business
• Perform control mapping, gap analysis, and remediation tracking across multiple frameworks to proactively reduce audit risk
• Partner with engineering, IT, and security teams to translate regulatory requirements into actionable, testable technical controls
• Identify and operationalize improvements to the control framework to align with evolving regulatory demands (e.g., NIS2)
• Reduce manual audit friction by driving process improvement and leveraging automation (dashboards, workflows, tooling integrations)
Requirements:
• Hands-on experience operating within complex cloud or SaaS control environments across major frameworks (NIST 800-53, ISO 27001, PCI-DSS, HIPAA), including practical control testing
• Demonstrated ability to independently map regulatory requirements to technical control execution and identify material gaps using sound risk judgment
• Experience managing audit evidence collection and remediation tracking during live audit cycles
• Effective verbal and written communication skills with proven ability to engage technical stakeholders effectively
• Process improvement and automation mindset, with experience leveraging GRC tooling (e.g., Thoropass, AuditBoard, or similar platforms) to improve audit efficiency
Benefits:
• Comprehensive health benefits, life and disability insurance, and fertility and family-forming support programs
• Generous paid time off, paid holidays, volunteer time off, and quarterly self-care days and no meeting days
• Tuition and reading reimbursement programs to support your continuous learning and professional growth
• Thrive Global Wellness Program, confidential Employee Assistance Program (EAP), as well as One to One Wellness Coaching
• Employee programs—including Employee Resource Groups (ERGs), GoTo Gives, and our charitable matching program—to amplify your connection and impact