This job has expired
This position was posted on October 7, 2025 and is likely no longer accepting applications. It is kept here for historical reference.

Job Overview
Location
Remote
Job Type
Full-time
Category
Security Engineer
Date Posted
October 7, 2025
Full Job Description
📋 Description
- Own and continuously mature YipitData's enterprise-wide Governance, Risk, and Compliance (GRC) program, ensuring that a $1B+ valuation, 475M Carlyle-backed firm operates with best-in-class security, privacy, and regulatory posture across all product lines and geographies.
- Serve as the single point of accountability for risk identification, assessment, treatment, and reporting: translating complex regulatory landscapes (SOC 2, ISO 27001, GDPR, CCPA, PCI DSS, SOX, emerging AI/ML rules) into actionable, business-friendly guidance that enables rapid growth without friction.
- Design and maintain a living risk register that quantifies threats in dollars and probability, then orchestrate cross-functional mitigation plans with Engineering, Data, Legal, Finance, and Sales so every department understands its role in protecting company and client assets.
- Build and automate compliance workflows in GRC tooling (e.g., Drata, Vanta, Archer, or custom scripts) that cut evidence-collection time by 50%+, freeing analysts to focus on strategic risk reduction rather than manual checklists.
- Lead annual SOC 2 Type II and ISO 27001 certification cycles end-to-end (scoping controls, writing policies, conducting gap analyses, managing auditors, and remediating findings) while simultaneously preparing the firm for future FedRAMP or regional privacy seals.
- Translate YipitData's unique alternative-data supply chain (billions of public web, transaction, and geolocation records) into defensible data-governance policies that satisfy both global regulators and Fortune 500 clients who demand transparency and ethical sourcing.
- Create a continuous-monitoring dashboard that surfaces real-time KPIs for security incidents, policy exceptions, vendor risk, and audit readiness to the Executive team and Board Risk Committee, turning compliance from a cost center into a competitive differentiator.
- Partner with Legal and Product Counsel to embed privacy-by-design into new AI-driven analytics features, ensuring that machine-learning models respect consent, minimize bias, and maintain the audit trails required by the EU AI Act and U.S. state privacy laws.
- Develop and deliver role-based security-awareness training that scales from engineers deploying in AWS to sales reps handling prospect data, achieving 95%+ completion rates and measurable phishing-resistance improvements.
- Own third-party risk management: build a tiered vendor-assessment framework, conduct on-site or virtual audits of critical suppliers, negotiate security addenda, and maintain an evergreen vendor-risk scorecard that informs procurement decisions.
- Act as the primary liaison with external stakeholders (clients, auditors, regulators, and cyber-insurance underwriters), translating technical findings into executive-level narratives that reinforce trust and accelerate deal cycles.
- Champion a culture of "risk as a product" by running quarterly tabletop exercises, red-team/blue-team simulations, and post-mortems that turn lessons learned into policy updates, automated detections, and engineering backlog items.
- Continuously scan the horizon for emerging threats (AI deepfakes, synthetic identity fraud, the threat quantum computing poses to today's public-key cryptography) and regulatory shifts, producing concise briefs that enable proactive strategy pivots before competitors are aware of the change.
- Mentor junior analysts and cross-functional "control owners," building a decentralized network of compliance champions who ensure that security and privacy scale faster than headcount.
🎯 Requirements
- 3–6 years of hands-on experience designing, implementing, and managing enterprise GRC programs in high-growth technology or data-centric companies; direct ownership of SOC 2 Type II and ISO 27001 certifications is mandatory.
- Deep working knowledge of at least three major frameworks/regulations (e.g., GDPR, CCPA, PCI DSS, SOX, FedRAMP, HIPAA) and proven ability to map controls across overlapping requirements.
- Demonstrated proficiency with GRC or continuous-compliance platforms (Drata, Vanta, Archer, ServiceNow GRC, or equivalent) and scripting/automation skills (Python, SQL, or REST APIs) to eliminate manual evidence collection.
- Strong quantitative risk-analysis mindset: comfortable building risk matrices, Monte Carlo simulations, or FAIR models that translate cyber and privacy risks into financial impact for executive decision-making.
- Exceptional stakeholder-communication skills: able to distill complex technical and regulatory concepts into clear, concise briefs for engineers, sales leaders, and Board members alike.
- Nice-to-have: relevant certifications such as CISSP, CISA, CISM, CRISC, or GRC-specific credentials, plus prior experience with alternative-data or AI/ML governance challenges.
🏖️ Benefits
- Fully remote-first culture with flexible working hours and a $1,000 home-office stipend so you can build the perfect GRC command center from anywhere in the world.
- Competitive base salary plus equity in a $1B+ company backed by The Carlyle Group, giving you direct upside as our risk and compliance maturity drives enterprise value.
- Annual $2,000 professional-development budget for certifications, conferences (e.g., RSA, Gartner Security & Risk), and advanced training to keep your skills ahead of the curve.
- Comprehensive health, dental, vision, and mental-wellness coverage starting day one, plus 20 days PTO, 12 company holidays, and a "take-what-you-need" sick-leave policy.
- Monthly wellness stipend, quarterly team off-sites in global locations, and a culture that celebrates risk-reduction wins as loudly as product launches.
About YipitData, Inc.
YipitData provides alternative data and market research to institutional investors, corporations and consultancies. By aggregating and analyzing billions of data points from e-commerce receipts, web traffic, app usage, pricing and other digital signals, the company delivers granular, real-time insights on company performance and industry trends. Clients use the platform to validate investment theses, monitor competitive dynamics and forecast revenue across sectors including consumer, technology, travel and marketplaces. Founded in 2013 and headquartered in New York City, YipitData serves hedge funds, private equity firms and Fortune 500 corporate strategy teams worldwide.