Talent.com
Lead Governance, Risk, and Compliance (GRC) Analyst

Lead Governance, Risk, and Compliance (GRC) Analyst

Morrison & Foerster LLPSan Francisco, CA, United States
1 day ago
Job type
  • Full-time
Job description

Lead Governance, Risk, and Compliance (GRC) Analyst

Req ID : 5706

Position Type : Information Technology

Job Overview

At MoFo, we couldn't write our own success story without yours. Ready to write your story?

Join MoFo as a LEAD GRC ANALYST on our Information Technology team!

This role can be based in San Francisco, Palo Alto, Los Angeles, San Diego, Denver, Austin, Boston, New York or Washington, D.C. https : / / www.mofo.com / offices

ABOUT THE ROLE

The Lead Governance, Risk, and Compliance (GRC) Analyst is responsible for managing the firm’s information security governance, risk, and compliance program. This role serves as the operational lead for maintaining ISO 27001 certification, managing client and vendor audits, overseeing policy governance, and ensuring continuous audit readiness across all systems and jurisdictions. The ideal candidate will be a subject matter expert in information security controls and audit practices, with deep experience in ISO 27001, NIST, and related frameworks. This position requires strong leadership, collaboration, and communication skills, along with the ability to engage effectively with senior leadership, clients, and external auditors.

Governance, Risk & Compliance

  • Lead and manage the firm’s Information Security Management System (ISMS) to maintain ISO 27001 certification and ongoing compliance.
  • Develop, implement, and monitor controls aligned with ISO 27001, NIST 800-53, DOJ, and CISA EO 14117 frameworks.
  • Serve as the primary liaison for internal, external, client, and vendor security audits, including documentation, evidence, and remediation tracking.
  • Manage the firm’s compliance calendar and ensure timely completion of assessments, certifications, and audits.
  • Improve compliance processes through automation, standardized evidence tracking, and enhanced reporting.
  • Oversee the governance and maintenance of security and privacy policies to ensure alignment with frameworks and regulatory requirements.
  • Conduct risk assessments and document mitigation strategies.
  • Collaborate with IT, Legal, Privacy, and business units to ensure consistent control implementation and reporting.
  • Track and report key performance metrics to measure compliance posture and program maturity.

Audit and Compliance Leadership

  • Manage all phases of ISO, client, and vendor audit cycles, from scoping to evidence delivery.
  • Engage with auditors, clients, and stakeholders to explain controls, policies, and security practices.
  • Maintain continuous audit readiness and coordinate corrective actions and improvement plans as needed.

    • Policy and Documentation Management

  • Maintain ISMS documentation, control inventories, and audit evidence repositories.
  • Review and update policies, procedures, and standards for clarity and alignment with business and legal requirements.
  • Prepare executive-level reports summarizing compliance posture and audit outcomes.

    • Program Maturity and Process Improvement

  • Identify opportunities to enhance compliance operations through process and technology improvements.
  • Lead initiatives to automate control monitoring and evidence collection.
  • Stay current on evolving regulatory requirements and advise leadership on necessary updates.

    • Client Service and Confidentiality

  • Serve as the primary client-facing representative for security and compliance inquiries.

    • Ensure timely and professional communication during client and vendor audit engagements.

  • Uphold firm confidentiality standards and elevate potential data protection or compliance incidents as required.

    • ABOUT YOU

  • Bachelor’s degree or higher in Information Technology, Cybersecurity, Business, or a related field.
  • 710 years of experience in information security governance, risk, and compliance roles.
  • Proven success managing ISO 27001 programs, client security audits, and vendor assessments.
  • Deep knowledge of ISO 27001 and NIST 800-53 frameworks; familiarity with DOJ and CISA EO 14117 guidance preferred.
  • Demonstrated ability to operate independently, lead audit activities, and manage complex compliance programs.
  • Strong background in control design, mapping, and governance documentation.
  • Required certifications : CISSP, CISA, or equivalent.
  • Preferred certifications : ISO 27001 Lead Auditor or Lead Implementer, CISM, or CRISC.

    • Core Competencies and Applied Skills

  • Audit Leadership : Proven ability to maintain continuous audit readiness and manage full audit cycles end-to-end.
  • Policy and Control Management : Expertise in control design, policy governance, and compliance validation.
  • Independent Execution : Operates with minimal supervision, showing initiative, accountability, and ownership.
  • Analytical Thinking : Strong risk assessment and problem-solving skills; ability to translate frameworks into actionable controls.
  • Communication : Excellent written and verbal skills with experience engaging clients, auditors, and senior leadership.
  • Organization : Skilled at managing multiple audits, priorities, and deliverables under tight deadlines.
  • Collaboration : Works effectively across IT, Legal, Privacy, and business teams to align compliance objectives.
  • Continuous Improvement : Identifies opportunities to enhance efficiency through process and technology optimization.

    • ABOUT MOFO

    At MoFo, we collaborate as one firm, across borders, practice areas, and business functions and value fresh ideas and innovation over conformity and competition.

  • About Us : https : / / www.mofo.com / about
  • Inclusion + Engagement : https : / / www.mofo.com / community / we-at-mofo
  • Commitment to Pro Bono : https : / / careers.mofo.com / careers-pro-bono
  • The MoFo Foundation : https : / / www.mofo.com / culture / mofo-foundation

    • ABOUT OUR BENEFITS

    MoFo offers a comprehensive benefits package starting on your first day.

  • A variety of options for medical, dental, vision, life and disability coverage to meet the needs of you and your family.
  • Industry-leading parental leave and family benefits including adoption and fertility treatment options and backup child and elder care.
  • Global wellness program, including free access to Talkspace and Calm apps.
  • Annual community service day to make an impact on your community and a birthday holiday just for fun.
  • Education reimbursement annually.
  • Dedicated Talent Development team.
  • Competitive annual profit‑sharing contribution.

    • Where required by law, salary ranges are stated below. Additional compensation may include a discretionary bonus, overtime as applicable, health / welfare benefits, retirement contributions, paid holidays, and PTO. The range displayed is specifically for positions performed in those cities / state and may vary based on factors including but not limited to the following : local market data and ranges; an applicant’s skills and prior relevant experience; and certain degrees, licensing, and certifications. The application deadline is May 13, 2026.

    New York, San Francisco, Palo Alto salary range : $128k to $178k

    Los Angeles, San Diego, Boston, Washington, D.C. salary range : $122k to $169k

    Denver salary range : $114k to $159k

    For questions regarding this position, please e‑mail jobs@mofo.com

    Morrison & Foerster is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, religion, creed, ethnic or national origin, ancestry, age, disability, veteran or military status, marital status, pregnancy, sexual orientation, gender identity, domestic partner status, and other categories protected by applicable laws, or in retaliation for opposition to any practices forbidden under this policy.

    PI279783156

    #J-18808-Ljbffr

    Create a job alert for this search

    Lead Governance Risk Compliance • San Francisco, CA, United States

    Related jobs
    • Promoted
    Governance, Risk & Compliance Lead

    Governance, Risk & Compliance Lead

    Pantera CapitalSan Francisco, CA, United States
    Full-time
    Perplexity is an AI-powered answer engine founded in December 2022 and growing rapidly as one of the world’s leading AI platforms. Perplexity has raised over $1B in venture investment from some of t...Show moreLast updated: 16 days ago
    • Promoted
    • New!
    Lead Governance, Risk, and Compliance (GRC) Analyst

    Lead Governance, Risk, and Compliance (GRC) Analyst

    Morrison & Foerster LLPSan Francisco, California, United States
    Full-time
    Lead Governance, Risk, and Compliance (GRC) Analyst Req ID : 5706.Position Type : Information Technology.Job Overview At MoFo, we couldn't write our own success story without yours.This role can be b...Show moreLast updated: 3 hours ago
    • Promoted
    Governance, Risk & Compliance Lead

    Governance, Risk & Compliance Lead

    Perplexity AI Inc.San Francisco, CA, United States
    Full-time
    Perplexity is seeking a highly experienced Governance, Risk & Compliance Analyst to join our world-class team.You will help shape our compliance and risk management program.If you are a self-motiva...Show moreLast updated: 14 days ago
    • Promoted
    • New!
    Lead Specialist, Governance, Risk, & Compliance

    Lead Specialist, Governance, Risk, & Compliance

    KPMG USSan Francisco, California, United States
    Full-time
    Lead Specialist, Governance, Risk, & Compliance Apply for the Lead Specialist, Governance, Risk, & Compliance role at KPMG US. KPMG Advisory practice is currently our fastest growing practice.We are...Show moreLast updated: 2 hours ago
    • Promoted
    Head of Governance, Risk and Compliance

    Head of Governance, Risk and Compliance

    Hippocratic AIPalo Alto, CA, United States
    Full-time
    Hippocratic AI has developed a safety-focused Large Language Model (LLM) for healthcare.The company believes that a safe LLM can dramatically improve healthcare accessibility and health outcomes in...Show moreLast updated: 4 days ago
    • Promoted
    Head of Risk and Compliance Reporting and Analytics

    Head of Risk and Compliance Reporting and Analytics

    TabaPayPalo Alto, CA, United States
    Full-time
    Head Of Risk And Compliance Reporting And Analytics.The Risk And Compliance Reporting And Analytics function will be the central engine for transforming raw data into actionable intelligence that d...Show moreLast updated: 30+ days ago
    Compliance Program Lead

    Compliance Program Lead

    Freelancer.comSan Francisco, CA, US
    Full-time
    Quick Apply
    We are seeking a highly skilled Compliance Program Lead to oversee and enhance our regulatory compliance initiatives.This role is responsible for ensuring adherence to regulatory requirements relat...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Governance, Risk, and Compliance Lead

    Governance, Risk, and Compliance Lead

    xAIPalo Alto, California, United States
    Full-time
    AI’s mission is to create AI systems that can accurately understand the universe and aid humanity in its pursuit of knowledge. Our team is small, highly motivated, and focused on engineering excelle...Show moreLast updated: 2 hours ago
    • Promoted
    Senior GRC Analyst II

    Senior GRC Analyst II

    Menlo VenturesSan Francisco, CA, United States
    Full-time
    Location : San Francisco, CA; Seattle, WA; New York City, NY.Carta connects founders, investors, and limited partners through world‑class software, purpose‑built for everyone in venture capital, pri...Show moreLast updated: 4 days ago
    • Promoted
    • New!
    Credit Risk Lead

    Credit Risk Lead

    CardlessSan Francisco, California, United States
    Full-time
    Overview At Cardless we build a credit card and loyalty platform that consumer businesses use to engage their customers.We have launched 14 credit cards for brands such as Alibaba and Qatar Airways...Show moreLast updated: 3 hours ago
    • Promoted
    • New!
    Senior Manager, Risk and Compliance

    Senior Manager, Risk and Compliance

    San Francisco Federal Credit UnionSan Francisco, CA, United States
    Full-time
    With an “A” health rating and solid year-over-year growth, San Francisco Federal Credit Union’s (SFFedCU) membership is now over 43,000 with assets surpassing $1. San Francisco and San Mateo County....Show moreLast updated: 2 hours ago
    • Promoted
    Director of Innovative Programs (4801) Job 81039 - The Fung Institute

    Director of Innovative Programs (4801) Job 81039 - The Fung Institute

    InsideHigherEdBerkeley, California, United States
    Full-time
    Director of Innovative Programs (4801) Job 81039 - The Fung Institute.At the University of California, Berkeley, we are dedicated to fostering a community where everyone feels welcome and can thriv...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Governance, Risk & Compliance Lead

    Governance, Risk & Compliance Lead

    PerplexitySan Francisco, California, United States
    Full-time
    Perplexity is seeking a highly experienced Governance, Risk & Compliance Analyst to join our world-class team.You will help shape our compliance and risk management program.If you are a self-motiva...Show moreLast updated: 3 hours ago
    • Promoted
    • New!
    Senior GRC Security Lead — ISO / NIST, Risk & Audits

    Senior GRC Security Lead — ISO / NIST, Risk & Audits

    LambdaSan Francisco, CA, United States
    Full-time
    A leading AI infrastructure company is seeking a Cybersecurity Risk Manager to enhance their compliance framework.Responsibilities include managing audits, communicating with stakeholders, and ensu...Show moreLast updated: 8 hours ago
    • Promoted
    Senior Risk Analyst

    Senior Risk Analyst

    Monzo BankSan Francisco, CA, United States
    Full-time
    Risk Analyst to support strategic initiatives across the Risk organization.You will develop deep expertise on processes and drive continuous process improvement initiatives, with a focus on program...Show moreLast updated: 1 day ago
    • Promoted
    Lead Principal - Governance Risk and Compliance

    Lead Principal - Governance Risk and Compliance

    Cloud Software Group, Inc.San Ramon, CA, United States
    Full-time
    We are seeking a highly skilled and experienced.Governance, Risk and Compliance team.The GRC specialist will play a critical role in managing and enhancing our Governance, Risk, and Compliance (GRC...Show moreLast updated: 10 days ago
    • Promoted
    Governance, Risk & Compliance Analyst III - SOC 2

    Governance, Risk & Compliance Analyst III - SOC 2

    Sensiba LLPPleasanton, CA, United States
    Full-time
    At Sensiba, we're more than just a Top 75 Accounting Firm - we're a purpose-driven organization committed to making a meaningful impact for our clients, our people, and our communities.Recognized a...Show moreLast updated: 9 days ago
    • Promoted
    Managed Services - Integrated Risk Management (Archer) - Senior Analyst

    Managed Services - Integrated Risk Management (Archer) - Senior Analyst

    Ernst and YoungPalo Alto, CA, United States
    Full-time
    At EY, we’re all in to shape your future with confidence.We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.Join EY and help ...Show moreLast updated: 4 days ago