Governance, Risk & Compliance Analyst

Governance, Risk & Compliance Analyst

FloQast is looking for a GRC Analyst to join our growing Compliance team. This position will support the management of compliance controls, organizational policies, procedures, and standards in support of regulatory compliance needs as well as organizational information security practices. You will advise and build relationships with key team members across multiple core departments, aligning department workflows to build a best-in-class compliance program.

The Compliance department at FloQast reports directly to the General Counsel and is responsible for ensuring FloQast maintains compliance with an array of security and privacy frameworks, including GDPR, CPRA, ISO 27001, ISO 27701, ISO 42001, SOC 1, and SOC 2. We are a team of in-house subject matter experts that advise, direct, train, and monitor the organization, resulting in daily interactions with all departments working together on a variety of unique and interesting business initiatives.

• Visa sponsorship is NOT available at this time

What You'll Do

Manage FloQast's internal controls inventory as new controls are added and existing controls are changed.

Build upon the controls inventory to ensure control owners, testing procedures, related policies, and other pertinent information is accurately documented and kept up to date.

Work with control owners to ensure process narratives are documented and updated annually for all controls.

Initiate, monitor, and follow up on monthly and quarterly control activities to ensure they are completed on time and proper evidence is documented to meet audit requirements.

Serve as a trusted advisor and advocate for security and compliance, engaging with teams across the company to foster a strong risk-aware culture.

Facilitate the development and maintenance of policies, standards, processes, and guidelines by drafting the documentation, gathering the appropriate approvals, and reporting on all changes in policy review meetings.

Support annual internal and external ISO 27001, ISO 27701, ISO 42001, SOC 1, SOC 2, and other similar audits by scheduling audit interviews, submitting evidence requests to control owners, following up as needed to obtain evidence on time, reviewing evidence provided for accuracy, and facilitating follow up requests as needed to ensure our audits remain on schedule.

Aggregate identified internal control issues and perform a root cause analysis and collaborate on remediation efforts.

Be an advocate for compliance best practices and the point of contact for stakeholders from departments throughout the company.

Support customer assurance activities, including completion of security questionnaires and participation in customer discussions.

Participate in and contribute to cross-functional project teams.

Any other tasks that may be assigned to help the company meet its goals.

What You'll Bring

2+ years of relevant experience.

Knowledge and familiarity with at least one security, privacy, and compliance practices (SOC 1, SOC 2, ISO 27001, ISO 27701, ISO 42001, PCI, HIPAA, etc).

Understanding of information security and privacy fundamentals.

Certification preferred in one of the following : CompTIA, CISSP, CISA, CISM, Cloud platforms such as AWS, Azure or GCP.

Confidence and willingness to ask questions, raise issues, and concerns in a timely manner.

Understanding of AI governance or leveraging AI tools to improve compliance and audit efficiency.

Nice To Haves / Other

Familiarity with NIST, CIS, and other information security frameworks is a bonus but not required.

Experience working for a software development company is a bonus but not required.

Highly collaborative, detail-oriented, intellectually curious, with strong organizational skills and an authentically friendly demeanor.

Builder mindset, comfortable sharing ideas, trying new approaches and is focused on achieving team and company short and long term goals.

Flexible and adaptable in high growth, start-up environment.