BambooHR
Overview
Join to apply for the GRC Analyst role at BambooHR.

This is a Utah-based hybrid position which will require some regular in-office days each week. Employment with BambooHR is contingent on passing both a background and credit check.

Responsibilities
Work with internal stakeholder teams to document the implementation of security compliance controls for technical, management, and operational requirements.
Conduct gap analysis of current policies, procedures, and practices as they relate to established guidelines outlined by NIST, FISMA, HIPAA, and other regulatory standards.
Conduct risk assessments of technology infrastructure and operational processes and controls for assigned areas.
Embrace AI as an essential tool for improving GRC accuracy, efficiency, and proactive risk management.
Use AI-powered platforms for continuous controls monitoring, predictive risk assessments, and identifying compliance gaps while incorporating responsible AI use into practices.
Improve efficiency in evidence collection and analysis, allowing the team to begin shifting time toward higher-value GRC activities with AI support.
Build and maintain the controls matrix, in alignment with multiple compliance frameworks, including SOC 1 & SOC 2, PCI DSS, NIST CSF, ISO 27001, ISO 27018, ISO 42001, HITRUST, and HIPAA.
Develop and maintain security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.
Assist in delivering and maintaining information security training and awareness programs.
Perform vendor management/security risk assessments and interface with vendors on occasion.
Track efforts related to threat and vulnerability assessment processes to monitor and remediate vulnerabilities in a timely manner.

What You Need to Get the Job Done
Bachelor's degree in Computer Science, Information Technology, or related field.
Minimum of 1 year of experience in compliance, audit, and/or information security.
CISSP, CISA, CCSA, or equivalent certification preferred.
Familiarity with enterprise-level compliance tools such as Drata, Vanta, ServiceNow, Archer, IBM GRC, or other industry-equivalent software.
Foundational understanding and eagerness to learn FedRAMP, NIST CSF, FISMA, NIST RMF, NIST FIPS 199, ISO 27001, ISO 27018, ISO 42001, SOC 1, SOC 2, HIPAA, and HITRUST.
Basic understanding of cloud-based environments for production applications, including Amazon Web Services, Google Cloud, or other large-scale cloud deployments.
Experience in the vulnerability assessment lifecycle from the point of identification to remediation.
Interpersonal skills to work as a team member and as a liaison.
Excellent verbal communication, presentation, organizational and planning skills, and great attitude and ability to learn new things quickly.

AI at BambooHR: We are actively integrating AI into our solutions and workflows to enhance efficiency and drive innovation. We seek individuals who are curious about AI, eager to learn and adapt, and ready to explore how intelligent tools can elevate their work along with BambooHR's impact on setting people free to do great work.

What You'll Love About Us
A Great Company Culture that has been recognized by multiple organizations like Inc. and Salt Lake Tribune.
Comprehensive health, life, and disability insurance.
Generous leave policies including 4 weeks of vacation, 12 company holidays, parental leave, and volunteer time off.
401k plans with up to 6% company match.
$2000 Paid Vacation bonus.
EAP through Headspace.
Check out all our benefits that benefit you.

About Us
At BambooHR, we're building something different: we're building a people intelligence platform that transforms HR and sets people free to do great work. We're a proven market leader driving innovation while building lasting success through thoughtful, sustainable growth. Here, you'll find a place that champions growth: both professional and personal, both individual and collective. We invest in potential, giving you the space to stretch your capabilities and turn good ideas into reality while providing the safety net of a supportive, values-driven culture. Our approach combines meaningful work with meaningful lives, offering competitive benefits, professional development, and the flexibility to thrive both in and outside the office. What sets us apart isn't just what we do, but how we do it: with openness, integrity, and a shared commitment to doing the right thing. Join us in creating HR software that makes work better for everyone, while we make work better for you.

BambooHR is committed to the full inclusion of all qualified individuals and will ensure that persons with disabilities are provided reasonable accommodations throughout the hiring process. If you would like to request accommodations, please let your recruiter know. BambooHR is An Equal Opportunity Employer--M/F/D/V.

Because our team members are trusted to handle sensitive information, we require all candidates that receive and accept employment offers to complete a background check before being hired. For information on California Privacy Policy, click here.

Seniority level: Entry level
Employment type: Full-time
Job function: Business Development and Sales
Industries: Human Resources Services