Senior GRC Analyst

Juniper Square, Inc.

Job Overview

Location

USA

Job Type

Full-time

Full Job Description

📋 Description

• Juniper Square is on a mission to democratize private markets, making assets like commercial real estate, private equity, and venture capital accessible to a broader audience. We achieve this by digitizing these markets, fostering efficiency, transparency, and access. If you are passionate about leveraging technology to improve financial markets and thrive in a values-driven organization, we encourage you to apply.
• We embrace a digital-first, hybrid work model, enabling effective collaboration across a distributed team spanning 27 U.S. states, 2 Canadian Provinces, India, Luxembourg, and England. For those who prefer an in-office environment, we have physical locations in San Francisco, New York City, Mumbai, and Bangalore.
• As a Senior GRC Analyst, you will play a pivotal role in supporting and enhancing Juniper Square's Governance, Risk Management, and Compliance (GRC) program. This position is ideal for an individual with a proven track record of building and scaling robust, yet practical, risk management and compliance processes within a high-growth company.
• You will be instrumental in ensuring our organization operates with integrity, security, and adherence to relevant regulations and standards, thereby fostering customer trust and protecting our business.
• Your responsibilities will encompass a wide range of GRC activities, requiring a proactive and collaborative approach.
• Customer Trust and Assurance:
• Compliance Management:
• Lead the maintenance and onboarding of existing and new security compliance certifications and frameworks, such as SOC 2, ISO 27001, and others, ensuring Juniper Square meets and exceeds industry standards.
• Collaborate closely with cross-functional teams to efficiently gather and provide control evidence to external auditors, ensuring timely and accurate submissions.
• Act as the primary liaison between internal teams and external auditors, facilitating a seamless and efficient audit process.
• Drive continuous improvement of the audit process by identifying opportunities for automation and controls rationalization, aiming for greater efficiency and effectiveness year over year.
• Proactively monitor and test the effectiveness of compliance controls throughout the year, moving beyond a purely audit-driven approach to ensure ongoing control health.
• Serve as a subject matter expert for all compliance-related inquiries, providing guidance and support across the organization.
• Identify and assess the impact of significant business changes, such as geographical expansions, internal tool replacements, or the introduction of new products, on our compliance posture, ensuring proactive adaptation.
• Customer Trust Initiatives:
• Maintain and update our Trust Center, ensuring all security documentation and knowledge base articles are current and readily accessible.
• Provide essential support to sales teams by addressing their open security and privacy-related questions, enabling them to confidently engage with prospects.
• Diligently review incoming security and privacy addendums to customer contracts, ensuring alignment with our security policies and risk appetite.
• Support customers in their security and privacy audits, acting as a key point of contact and facilitator.
• Partner with Sales and Solutions Engineering teams to coach and educate them on Juniper Square's robust security and compliance posture, empowering them to communicate our commitment effectively.
• Governance:
• Policy Management:
• Develop and refine a comprehensive suite of security and privacy policies and procedures in close collaboration with Legal, HR, IT, and Engineering departments.
• Ensure policies and procedures are reviewed and updated annually, incorporating stakeholder feedback and securing necessary approvals.
• Define and manage an ongoing process for handling policy exceptions, meticulously assessing and mitigating associated risks.
• Security and Privacy Training and Awareness:
• Design and implement role-specific and team-specific security and privacy training programs, working closely with key business partners to tailor content effectively.
• Oversee the successful rollout, escalation, and completion tracking of all security and privacy training modules across the organization.
• Phishing Management:
• Manage regular phishing simulation campaigns, incorporating appropriate re-training processes for employees who fall victim to simulations.
• Refine existing phishing reporting mechanisms and ensure seamless integration with our incident management processes for a holistic security response.
• GRC Metrics and Reporting:
• Establish and track key performance metrics for the GRC function, ensuring the program's effectiveness and alignment with organizational objectives.
• Risk Management:
• Enterprise Risk Management:
• Maintain up-to-date business unit risk registers through monthly engagement with existing teams, ensuring key risk areas are identified and addressed proactively.
• Co-develop and coach business units on creating and implementing right-sized and right-scoped risk remediation plans.
• Facilitate the onboarding of new business units onto the established risk management process, ensuring consistent application of risk practices.
• Third-Party Risk Management:
• Triage incoming technical security requests related to vendor application/system integrations, routing them to the appropriate internal teams for expert input.
• Conduct thorough security risk assessments and audits of vendors to evaluate the maturity of their security programs, controls, and documentation, ensuring our supply chain is secure.
• You will be a key contributor to fostering a culture of security and risk awareness throughout Juniper Square, influencing stakeholders at all levels to adopt best practices and contribute to our overall resilience.

🎯 Requirements

• Bachelor's degree in Information Systems, Engineering, Business, Risk Management, or a closely related field.
• 5+ years of progressive experience in Governance, Risk, and Compliance (GRC), information security, internal audit, or a related discipline, with demonstrated experience in managing SOC 2 and/or ISO 27001 programs.
• Deep understanding of established GRC frameworks (e.g., NIST, ISO 27001, SOC 2) and relevant regulations (e.g., GDPR, CCPA).
• Proven experience in designing, developing, and implementing scalable and effective GRC processes and programs within a dynamic environment.
• Demonstrated ability to manage multiple GRC projects concurrently, prioritizing effectively and delivering results.
• Exceptional communication, interpersonal, and influencing skills, with the ability to build rapport and collaborate effectively with diverse stakeholders across all levels of the organization, fostering a partnership-oriented approach to risk management.

🏖️ Benefits

• Comprehensive health, dental, and vision insurance plans for you and your family.
• Life insurance coverage to provide financial security.
• Robust mental wellness support and resources.
• Benefits designed to support fertility treatments and growing families.
• Generous Flex Time Off policy, in addition to company-paid holidays.
• Paid leave policies for family, medical, and bereavement needs.
• Retirement savings plans to help you plan for the future.
• A customizable allowance for your home work and technology setup.
• Annual stipend dedicated to your professional development and continuous learning.

Skills & Technologies

Senior

Remote

Degree Required

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Juniper Square, Inc.

Visit Website

About Juniper Square, Inc.

Juniper Square is a SaaS provider focused on investment-management software for the private funds industry. Founded in 2014 and headquartered in San Francisco, the platform streamlines fundraising, investor onboarding, capital calls, distributions, reporting, and compliance workflows for real estate, private equity, and venture capital managers. It integrates CRM, document management, e-signature, and analytics into a single cloud system to reduce manual processes and improve transparency. The company serves hundreds of fund sponsors managing tens of thousands of investors and billions in assets under administration.

View Company Profile