Senior GRC Analyst
About the Role
Tines is seeking an experienced Senior Governance, Risk, and Compliance (GRC) Analyst to strengthen our compliance strategy and execution during a pivotal growth phase. Reporting directly to the Head of IT Operations & Information Security, you will play a critical role in our FedRAMP program while maintaining our existing SOC 2 compliance.
Location: Based remotely in the United States.
Key Responsibilities
FedRAMP Certification Efforts - Assist our FedRAMP certification program, including gap analysis, remediation planning, documentation development, and coordination with 3PAO assessors
Maintain SOC 2 Compliance - Support continuous compliance with SOC 2 requirements, including evidence collection, control testing, and audit coordination
Vendor Risk Management - Establish and manage a comprehensive vendor risk assessment program, evaluating security controls and compliance posture before acquisition
Risk Assessment and Management - Conduct thorough risk analyses for systems, processes, and third-party applications, implementing appropriate controls to mitigate identified risks
Compliance Automation - Leverage Tines automation capabilities to streamline compliance processes, evidence collection, and reporting
Customer Security Assurance - Respond to customer security inquiries, questionnaires, and audit requests, maintaining our Trust Center with up-to-date documentation
Policy Development and Maintenance - Review, update, and develop security policies and procedures aligned with regulatory requirements and industry best practices
Cross-functional Collaboration - Partner with engineering, product, legal, and leadership teams to embed compliance requirements into organizational processes
Contract Review and Management - Collaborate closely with the legal team to review contracts for security and compliance requirements, ensure appropriate security provisions are included, identify potential compliance risks, and recommend mitigating controls. Help develop standardized security language for various contract types.
Regulatory Monitoring - Stay current with evolving compliance standards and regulatory requirements relevant to our business and customers
Qualifications
Required
8+ years of experience in IT compliance, security, or risk management
Demonstrated experience with FedRAMP certification processes and requirements
Hands-on experience implementing or maintaining ISO 27001 compliance
Strong knowledge of SOC 2 compliance frameworks and audit processes
Experience conducting vendor security assessments and risk analyses
Excellent understanding of information security principles, controls, and best practices
Strong project management skills with ability to manage multiple compliance initiatives simultaneously
Exceptional communication skills for translating technical requirements to non-technical stakeholders
Preferred
Industry certifications such as CISSP, CISA, or CISM
Experience with compliance automation tools and techniques
Knowledge of cloud security principles and controls (AWS, Azure, GCP)
Experience reviewing contracts for security and compliance requirements
Experience in SaaS or technology companies
Familiarity with privacy regulations (GDPR, CCPA)
Experience working in remote-first environments
Applicants for this opportunity must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.
#LI-SW1