Avetta

GRC Analyst

Avetta, Lehi, Utah, United States, 84043


If residing within commutable distance to one of our offices, a hybrid schedule would be required (3 days in office, 2 days work from home). Those outside of commutable distance may be considered on a remote basis.

SUMMARY

Avetta’s SaaS platform connects the world’s leading organizations with qualified suppliers, contractors, and vendors. We bring unmatched visibility to companies through cloud-based technology and human insights. As a result, we foster sustainable growth for businesses and their supply chains. Our SaaS subscription software is used by 85k+ active customers in over 100 countries.

The GRC Analyst’s primary role is to support the organization’s governance, risk, and compliance activities by performing day-to-day control monitoring, evidence collection, risk assessments, and documentation updates. This role works closely with security, IT, engineering, and business teams to ensure compliance requirements are understood and met. The GRC Analyst helps maintain policies, track remediation tasks, assist with audits, and keep the GRC platform organized and accurate. They play a key part in strengthening the company’s control environment and ensuring ongoing readiness for audits and regulatory obligations. Secondary responsibilities may include assisting with monitoring and responding to SOC alerts, implementing and supporting security tools, and other tasks as assigned.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Governance & Program Support
- Assist in maintaining security and compliance policies, standards, and procedures.
- Support updates to documentation, control mappings, and compliance workflows.
- Help prepare reports and dashboards for leadership or auditors.

Risk Management
- Support enterprise and departmental risk assessment activities by gathering data, performing initial risk scoring, and documenting findings.
- Track remediation items and follow up with stakeholders to ensure timely completion.
- Maintain the risk register and ensure entries remain current and accurate.

Compliance Operations & GRC Tooling
- Collect and organize audit evidence for SOC 2, ISO 27001, PCI, and other frameworks.
- Conduct control testing and gap assessments under the guidance of senior team members.
- Monitor control performance and document exceptions or potential issues.
- Maintain and update GRC platforms (e.g., Vanta, Drata, Anecdotes, OneTrust).

Policy & Control Support
- Help maintain the centralized control library and update mappings across multiple frameworks.
- Assist teams in understanding control requirements and preparing evidence.

Vendor & Third-Party Risk
- Perform security reviews and tracking of vendors, questionnaire analysis, and documentation.

Training and Awareness
- Assist in developing or distributing compliance training materials and reminders.
- Help ensure employees complete required annual training.

IDEAL EXPERIENCE, EDUCATION & TRAINING

Bachelor’s degree in Information Security, Business, Risk Management, or related field (or equivalent practical experience).

1–3+ years of experience in compliance, IT audit, cybersecurity operations, risk management, or a similar field.

Exposure to common compliance frameworks such as SOC 2, ISO 27001, NIST CSF, SOX, HIPAA, or PCI (hands‑on experience is preferred).

Basic understanding of security controls, audit principles, and risk management concepts.

Familiarity with cloud technologies (AWS, Azure, GCP) and SaaS environments.

Experience with GRC tools and ticketing systems is a plus.

Ability to review evidence, evaluate control performance, and document findings clearly.

Strong attention to detail and organizational skills.

Good communication skills and ability to collaborate with cross‑functional teams.

Ability to manage multiple tasks and maintain accuracy under deadlines.

Analytical mindset with a willingness to learn and improve processes.

At Avetta, we are committed to salary transparency to ensure equitable hiring practices and promote trust. The salary range included in this job posting is based on internal and market data and the role's responsibilities. The final compensation offered to a candidate will be determined by several factors, including work location, job‑related skills, experience, and relevant education or training.

The salary range for this position is $83,000.00 - $91,500.00 per year, with a potential bonus.

Benefits included:

Health, Dental, and Vision Insurance

401(k)

Paid Time Off

Avetta is an equal opportunity employer and values diversity. We encourage individuals from all backgrounds and experiences to apply.

To apply for the GRC Analyst position, please submit your online application by February 28, 2026, at 11:59 PM PST.

IMPORTANT NOTICE

We have received reports of fraudulent emails from certain domains, including avettacareers.com, impersonating Avetta, LLC to recruit individuals. These emails are phishing scams and do not represent legitimate job opportunities. Please note that the only valid domain for Avetta is www.avetta.com. If you encounter any suspicious emails, please report them to infosec@avetta.com immediately. Thank you for your vigilance.
