Senior Staff Analyst, GRC

📋 Description

• • The Senior Staff Analyst, GRC role at Mozilla Corporation is pivotal in shaping a secure and compliant technology environment aligned with Mozilla’s mission to make the internet better for people. This position leads the development and implementation of an integrated Governance, Risk, and Compliance (GRC) framework across both enterprise and product verticals, ensuring alignment with business objectives and regulatory expectations.
• • Day to day, the role involves developing and maintaining a comprehensive GRC strategy and roadmap, leading the creation and enforcement of standards, policies, controls, and audits. The analyst will operationalize risk assessment frameworks, define measurable scorecards and metrics for data-driven decisions, ensure compliance with ISO, NIST, SOC2, CCPA, GDPR, and other frameworks, lead internal and external audit activities, and partner closely with Legal, IT, Finance, and Security teams to align on GRC initiatives. Additionally, the role includes defining data lifecycle management requirements and reporting scorecards across enterprise and product domains in collaboration with data platform and legal teams.
• • The role sits within the Security Function of Mozilla’s Infrastructure team, which supports Product, Enterprise, and GRC functions organization-wide. Mozilla is a non-profit-backed technology company known for Firefox and its mission-driven approach to building a safer, more private internet. With over 225 million monthly users, Mozilla prioritizes people over profits, operates without shareholder pressure, and fosters a global community of volunteer contributors. The company is deeply committed to diversity, equity, inclusion, and accessibility, offering accommodations and upholding equal opportunity employment principles.
• • In this role, the individual will develop deep expertise in enterprise-wide GRC integration, influence cross-functional change at a mission-driven tech leader, and gain experience aligning security, privacy, regulatory, and risk management initiatives. They will strengthen leadership in stakeholder engagement, drive long-term organizational impact through data-informed risk strategies, and contribute to Mozilla’s broader goal of reclaiming the internet for people.