Carta
Senior GRC Analyst II
Location: San Francisco, CA; Seattle, WA; New York City, NY. Remote flexible.
Overview Carta connects founders, investors, and limited partners through world‑class software, purpose‑built for everyone in venture capital, private equity and private credit. Carta’s Fund Administration platform supports 9,000+ funds and SPVs, representing nearly $185B in assets under management, with tools designed to enhance the strategic impact of fund CFOs.
Responsibilities
Manage and continually improve the Carta Governance, Risk, and Compliance program, ensuring it is aligned with our security strategy and business objectives.
Develop, maintain, and lead the adoption of security policies, standards, and guidelines to ensure compliance with applicable regulatory requirements.
Lead and coordinate internal and external security audits.
Perform security assessments of vendors, third parties, and applications.
Partner with cross‑functional teams to review initiatives that could impact compliance requirements.
Manage risk program activities including risk identification, tracking, and prioritization.
Collaborate with engineering and product teams to assess risk posture and compliance status, and support remediation activities.
The Team You'll Work With You will be part of a security‑minded team that believes in progress over perfection and where security culture and mindset is key. Our team is rethinking how GRC activities can be accomplished in innovative ways. We do not focus on building processes, but instead how to solve business problems while minimizing and managing risk exposure for Carta.
About You
A strong understanding and working knowledge of information security and compliance frameworks, such as SOC 1 and 2, ISO 27001, NIST CSF, GDPR, CCPA, FINRA, SOX and SEC cybersecurity requirements.
Excellent judgment and the ability to make balanced decisions when working with complex situations.
Proven understanding of public cloud infrastructure and services in AWS and GCP including knowledge of cloud‑native security protection measures, tools, and techniques.
Proven ability to collaborate with cross‑functional teams and affect change to accomplish goals.
Excellent written and verbal communication skills, including the ability to effectively communicate business and cybersecurity risk.
5+ years of experience in developing and executing governance, risk and compliance functions.
Compensation Carta’s compensation package includes a market competitive salary, equity for all full‑time roles, exceptional benefits, and, for applicable roles, commission plans. Our minimum cash compensation (salary + commission if applicable) range for this role is:
$193,800 – $228,000 in San Francisco, CA; Santa Clara, CA; New York City, NY
$184,110 – $216,600 in Seattle, WA
Disclosures We are an equal opportunity employer and are committed to providing a positive interview experience for every candidate. If accommodations due to a disability or medical condition are needed, please connect with the talent partner via email.
We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress toward this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.
Why are you being asked to complete this form? We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress toward this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.
If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:
We do not discriminate on the basis of any protected group status under any applicable law.
#J-18808-Ljbffr
Overview Carta connects founders, investors, and limited partners through world‑class software, purpose‑built for everyone in venture capital, private equity and private credit. Carta’s Fund Administration platform supports 9,000+ funds and SPVs, representing nearly $185B in assets under management, with tools designed to enhance the strategic impact of fund CFOs.
Responsibilities
Manage and continually improve the Carta Governance, Risk, and Compliance program, ensuring it is aligned with our security strategy and business objectives.
Develop, maintain, and lead the adoption of security policies, standards, and guidelines to ensure compliance with applicable regulatory requirements.
Lead and coordinate internal and external security audits.
Perform security assessments of vendors, third parties, and applications.
Partner with cross‑functional teams to review initiatives that could impact compliance requirements.
Manage risk program activities including risk identification, tracking, and prioritization.
Collaborate with engineering and product teams to assess risk posture and compliance status, and support remediation activities.
The Team You'll Work With You will be part of a security‑minded team that believes in progress over perfection and where security culture and mindset is key. Our team is rethinking how GRC activities can be accomplished in innovative ways. We do not focus on building processes, but instead how to solve business problems while minimizing and managing risk exposure for Carta.
About You
A strong understanding and working knowledge of information security and compliance frameworks, such as SOC 1 and 2, ISO 27001, NIST CSF, GDPR, CCPA, FINRA, SOX and SEC cybersecurity requirements.
Excellent judgment and the ability to make balanced decisions when working with complex situations.
Proven understanding of public cloud infrastructure and services in AWS and GCP including knowledge of cloud‑native security protection measures, tools, and techniques.
Proven ability to collaborate with cross‑functional teams and affect change to accomplish goals.
Excellent written and verbal communication skills, including the ability to effectively communicate business and cybersecurity risk.
5+ years of experience in developing and executing governance, risk and compliance functions.
Compensation Carta’s compensation package includes a market competitive salary, equity for all full‑time roles, exceptional benefits, and, for applicable roles, commission plans. Our minimum cash compensation (salary + commission if applicable) range for this role is:
$193,800 – $228,000 in San Francisco, CA; Santa Clara, CA; New York City, NY
$184,110 – $216,600 in Seattle, WA
Disclosures We are an equal opportunity employer and are committed to providing a positive interview experience for every candidate. If accommodations due to a disability or medical condition are needed, please connect with the talent partner via email.
We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress toward this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.
Why are you being asked to complete this form? We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress toward this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.
If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:
We do not discriminate on the basis of any protected group status under any applicable law.
#J-18808-Ljbffr