Senior GRC Analyst

Job Summary

Owning the full GRC function, the full-time Senior GRC Analyst will manage governance, risk management, compliance, control ownership, and audit coordination in a remote capacity, ensuring alignment with organizational goals and regulatory obligations.

Key Responsibilities

• Set the strategic direction for ATG's GRC program and maintain the information security and data governance policy framework
• Identify, assess, and manage risks across technology and data landscapes, focusing on third-party relationships and business continuity
• Ensure compliance with PCI DSS, GDPR, UK GDPR, CPRA, and CCPA, reporting on compliance status to leadership and the Audit Committee

Required Qualifications

• 5 to 8 years of hands-on GRC experience in a technology company or SaaS environment
• Demonstrated experience with PCI DSS compliance and familiarity with GDPR and UK GDPR requirements
• Experience coordinating IT general controls for external financial audits
• Proven ability to build and maintain risk registers, policy frameworks, and audit trails
• Professional certification such as CISA, CIPP/US, CIPP/E, or CRISC is highly desirable