Lead Governance, Risk, and Compliance (GRC) AnalystMorrison Foerster • San Francisco, CA, United States
Lead Governance, Risk, and Compliance (GRC) Analyst
Morrison Foerster • San Francisco, CA, United States
11 days ago
Job type
- Full-time
Job descriptionManage all phases of ISO, client, and vendor audit cycles, from scoping to evidence delivery. Engage with auditors, clients, and stakeholders to explain controls, policies, and security practices. Maintain continuous audit readiness and coordinate corrective actions and improvement plans as needed. Maintain ISMS documentation, control inventories, and audit evidence repositories. Review and update policies, procedures, and standards for clarity and alignment with business and legal requirements. Prepare executive‑level reports summarizing compliance posture and audit outcomes. Identify opportunities to enhance compliance operations through process and technology improvements. Lead initiatives to automate control monitoring and evidence collection. Stay current on evolving regulatory requirements and advise leadership on necessary updates. Serve as the primary client‑facing representative for security and compliance inquiries. Ensure timely and professional communication during client and vendor audit engagements. Uphold firm confidentiality standards and elevate potential data protection or compliance incidents as required. Bachelor’s degree or higher in Information Technology, Cybersecurity, Business, or a related field. 7–10 years of experience in information security governance, risk, and compliance roles. Proven success managing ISO 27001 programs, client security audits, and vendor assessments. Deep knowledge of ISO 27001 and NIST 800-53 frameworks; familiarity with DOJ and CISA EO 14117 guidance preferred. Demonstrated ability to operate independently, lead audit activities, and manage complex compliance programs. Strong background in control design, mapping, and governance documentation. Required certifications : CISSP, CISA, or equivalent. Preferred certifications : ISO 27001 Lead Auditor or Lead Implementer, CISM, or CRISC. Audit Leadership : Proven ability to maintain continuous audit readiness and manage full audit cycles end‑to‑end. Policy and Control Management : Expertise in control design, policy governance, and compliance validation. Independent Execution : Operates with minimal supervision, showing initiative, accountability, and ownership. Analytical Thinking : Strong risk assessment and problem‑solving skills; ability to translate frameworks into actionable controls. Communication : Excellent written and verbal skills with experience engaging clients, auditors, and senior leadership. Organization : Skilled at managing multiple audits, priorities, and deliverables under tight deadlines. Collaboration : Works effectively across IT, Legal, Privacy, and business teams to align compliance objectives. Continuous Improvement : Identifies opportunities to enhance efficiency through process and technology optimization. About Us : https : / / www.mofo.com / about Inclusion + Engagement : https : / / www.mofo.com / community / we-at-mofo Commitment to Pro Bono : https : / / careers.mofo.com / careers-pro-bono The MoFo Foundation : https : / / www.mofo.com / culture / mofo-foundation A variety of options for medical, dental, vision, life and disability coverage to meet the needs of you and your family. Industry‑leading parental leave and family benefits including adoption and fertility treatment options and backup child and elder care. Global wellness program, including free access to Talkspace and Calm apps. Annual community service day to make an impact on your community and a birthday holiday just for fun. Education reimbursement annually. Dedicated Talent Development team. Competitive annual profit‑sharing contribution. New York, San Francisco, Palo Alto : $128k to $178k Los Angeles, San Diego, Boston, Washington, D.C. : $122k to $169k Denver : $114k to $159k
Lead Governance, Risk, and Compliance (GRC) Analyst
This role can be based in San Francisco, Palo Alto, Los Angeles, San Diego, Denver, Austin, Boston, New York or Washington, D.C. (see https : / / www.mofo.com / offices ). This role requires a strong leader with expertise in information security governance and ISO 27001.
Overview
At MoFo, we couldn’t write our own success story without yours. Ready to write your story? Join MoFo as a LEAD GRC ANALYST on our Information Technology team!
About The Role
The Lead Governance, Risk, and Compliance (GRC) Analyst is responsible for managing the firm’s information security governance, risk, and compliance program. This role serves as the operational lead for maintaining ISO 27001 certification, managing client and vendor audits, overseeing policy governance, and ensuring continuous audit readiness across all systems and jurisdictions.
Governance, Risk & Compliance
- Lead and manage the firm’s Information Security Management System (ISMS) to maintain ISO 27001 certification and ongoing compliance.
- Develop, implement, and monitor controls aligned with ISO 27001, NIST 800-53, DOJ, and CISA EO 14117 frameworks.
- Serve as the primary liaison for internal, external, client, and vendor security audits, including documentation, evidence, and remediation tracking.
- Manage the firm’s compliance calendar and ensure timely completion of assessments, certifications, and audits.
- Improve compliance processes through automation, standardized evidence tracking, and enhanced reporting.
- Oversee the governance and maintenance of security and privacy policies to ensure alignment with frameworks and regulatory requirements.
- Conduct risk assessments and document mitigation strategies.
- Collaborate with IT, Legal, Privacy, and business units to ensure consistent control implementation and reporting.
- Track and report key performance metrics to measure compliance posture and program maturity.
Audit & Compliance Leadership
Policy and Documentation Management
Program Maturity and Process Improvement
Client Service and Confidentiality
About You
Core Competencies And Applied Skills
About MoFo
At MoFo, we collaborate as one firm, across borders, practice areas, and business functions and value fresh ideas and innovation over conformity and competition.
Our Benefits
Compensation
Where required by law, salary ranges are stated below. Additional compensation may include a discretionary bonus, overtime as applicable, health / welfare benefits, retirement contributions, paid holidays, and PTO. The range displayed is specifically for positions performed in those cities / states and may vary based on factors including but not limited to the following : local market data and ranges; an applicant's skills and prior relevant experience; and certain degrees, licensing, and certifications.
The application deadline is May 13, 2026.
For questions regarding this position, please e-mail jobs@mofo.com
#J-18808-Ljbffr
Create a job alert for this search
Lead Governance Risk Compliance • San Francisco, CA, United States
Related jobs
Lead Governance, Risk, and Compliance (GRC) Analyst.Position Type : Information Technology.At MoFo, we couldn't write our own success story without yours.
This role can be based in San Francisco, Pal...Show more
As the Compliance Insights Program Manager, you will design a new program and stand up a team focused on measuring bad activity prevalence on our platforms.
You will drive strategy, training, and wi...Show more
Perplexity is seeking a highly experienced Governance, Risk & Compliance Analyst to join our world-class team.You will help shape our compliance and risk management program.If you are a self-motiva...Show more
Lead Specialist, Governance, Risk, & Compliance.Apply for the Lead Specialist, Governance, Risk, & Compliance role at KPMG US.
KPMG Advisory practice is currently our fastest growing practice.We are...Show more
PG Forsta is the leading experience measurement, data analytics, and insights provider for complex industries-a status we earned over decades of deep partnership with clients to help them understan...Show more
A leading social media platform is seeking an experienced Intelligence & Risk Analyst to join their Global Security and Safety team.
This role involves analyzing and assessing threats to ensure busi...Show more
Director of Innovative Programs (4801) Job 81039 - The Fung Institute.At the University of California, Berkeley, we are dedicated to fostering a community where everyone feels welcome and can thriv...Show more
With an “A” health rating and solid year-over-year growth, San Francisco Federal Credit Union’s (SFFedCU) membership is now over 43,000 with assets surpassing $1.
San Francisco and San Mateo County....Show more
NAVA Software solutions is looking for a Security GRC Analyst.Location : San Francisco , CA - Hybrid.Analyst with 2+ years' experience and with good understanding of security controls and compliance...Show more
Governance, Risk, and Compliance Lead.Governance, Risk, and Compliance Lead.Get AI-powered advice on this job and more exclusive features.
AI’s mission is to create AI systems that can accurately un...Show more
Location : San Francisco, CA; Seattle, WA; New York City, NY.Carta connects founders, investors, and limited partners through world‑class software, purpose‑built for everyone in venture capital, pri...Show more
Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries.
Our growth is driven by delivering re...Show more
Lead Governance, Risk, and Compliance (GRC) Analyst This role can be based in San Francisco, Palo Alto, Los Angeles, San Diego, Denver, Austin, Boston, New York or Washington, D.This role requires ...Show more
As a member of the Information Services department, the Lead Analyst, Digital Data Governance & Compliance will drive and support our firm-wide electronic governance initiatives.This key role will ...Show more
Perplexity is an AI-powered answer engine founded in December 2022 and growing rapidly as one of the world’s leading AI platforms.
Perplexity has raised over $1B in venture investment from some of t...Show more
At Bio-Rad, we have a robust product development portfolio in both the Life Science Group (LSG) and the Clinical Diagnostics Group (CDG) that deliver innovation in support of our mission to advance...Show more
This is a detailed description of the role and responsibilities.The candidate will be responsible for overseeing the governance, risk, and compliance aspects of the organization.This includes devel...Show more
At Sift, we’re redefining how modern machines are built, tested, and operated.Our platform provides engineers with real-time observability over high-frequency telemetry, eliminating bottlenecks and...Show more
Lead Governance, Risk, and Compliance (GRC) Analyst
Morrison & Foerster LLP • San Francisco, CA, United States
Full-time
Last updated: 8 days ago • Promoted
Compliance Insights Program Lead
Block • San Francisco, CA, US
Full-time
Last updated: 8 days ago • Promoted
Governance, Risk & Compliance Lead
Perplexity AI Inc. • San Francisco, CA, United States
Full-time
Last updated: 21 days ago • Promoted
Lead Specialist, Governance, Risk, & Compliance
KPMG US • San Francisco, CA, United States
Full-time
Last updated: 30+ days ago • Promoted
Solution Director, Employee Experience Solutions - Healthcare Growth
PG Forsta • Emeryville, CA, United States
Full-time
Last updated: 30+ days ago • Promoted
Global Threat Intelligence & Risk Analyst
GeoPolist • San Francisco, CA, United States
Full-time
Last updated: 20 hours ago • Promoted • New!
Director of Innovative Programs (4801) Job 81039 - The Fung Institute
InsideHigherEd • Berkeley, California, United States
Full-time
Last updated: 30+ days ago • Promoted
Senior Manager, Risk and Compliance
San Francisco Federal Credit Union • San Francisco, CA, United States
Full-time
Last updated: 6 days ago • Promoted
Security GRC Analyst
Nava Software Solutions • San Francisco, CA, United States
Full-time
Last updated: 14 days ago • Promoted
Governance, Risk, and Compliance Lead
xAI • San Francisco, CA, United States
Full-time
Last updated: 30+ days ago • Promoted
Senior GRC Analyst II
Menlo Ventures • San Francisco, CA, United States
Full-time
Last updated: 12 days ago • Promoted
Manager, Security Governance Risk and Compliance
KPMG • San Francisco, CA, United States
Full-time
Last updated: 10 days ago • Promoted
Lead Governance, Risk, and Compliance (GRC) Analyst
Morrison Foerster • San Francisco, CA, US
Full-time
Last updated: 8 days ago • Promoted
Lead Analyst, Digital Data Governance & Compliance
Fox Rothschild • San Francisco, CA, United States
Full-time
Last updated: 17 days ago • Promoted
Governance, Risk & Compliance Lead
Pantera Capital • San Francisco, CA, United States
Full-time
Last updated: 22 days ago • Promoted
Sr. Manager, R&D Portfolio Finance and Analytics
Bio-Rad Laboratories • Hercules, CA, United States
Full-time
Last updated: 9 days ago • Promoted
Lead - Governance, Risk & Compliance - AI & Data Unit
ClifyX • San Francisco, CA, US
Full-time
Last updated: 30+ days ago • Promoted
Founding Security Engineer – Governance, Risk & Compliance (GRC)
Sift Stack, Inc. • San Francisco, CA, United States
Full-time
Last updated: 30+ days ago • Promoted