Senior GRC Analyst

Job Summary

Owning Doppler's security and compliance program, the full-time Senior GRC Analyst will maintain SOC 2 Type II and ISO 27001 certifications, drive compliance initiatives, and act as the internal expert and external face of security for enterprise customers in a remote setting.

Key responsibilities

• Maintain SOC 2 Type II and ISO 27001 certifications, including evidence collection and audit coordination
• Lead security working group sessions for risk identification, policy updates, and remediation tracking
• Respond to security questionnaires and RFPs, representing compliance posture to customers and partners

Required qualifications

• 5+ years of experience in security, compliance, or GRC with direct ownership of SOC 2 Type II and ISO 27001 programs
• Hands-on experience with Vanta or a comparable GRC platform, focusing on automating compliance workflows
• Technical fluency in cloud architecture and ability to interpret pen test reports
• Strong understanding of PCI DSS and GDPR requirements, with experience in certification work
• Excellent communication skills for diverse audiences, including technical and executive stakeholders