Senior Analyst, Governance, Risk and Compliance
Formstack
Who You Are:
The Senior Analyst, Governance, Risk, and Compliance (GRC) is a key member of the Information Security team responsible for managing, monitoring, and advancing Formstack’s compliance with various security and privacy regulations and frameworks. This individual will play a pivotal role in ensuring that Formstack’s operations, products, and services are compliant with industry standards while helping to mitigate risks and support governance initiatives.
What You Will Do:
- Lead and manage Formstack’s compliance initiatives related to regulations such as HIPAA, SOC 2, GDPR, ISO 27001, PCI-DSS, CCPA, and others.- Collaborate with internal teams (product, legal, IT, and engineering) to develop, implement, and maintain Formstack’s security policies, controls, and procedures.- Perform risk assessments and conduct security audits across departments to ensure compliance with regulatory and industry standards.- Assist in the preparation and facilitation of external audits and certifications (e.g., SOC 2 audits, ISO 27001 certification processes).- Maintain and enhance Formstack's risk management framework, including the identification, assessment, and mitigation of operational, legal, and regulatory risks.- Monitor security compliance trends, changes in regulatory requirements, and new compliance frameworks relevant to Formstack’s operations.- Develop, maintain, and update internal documentation, including security policies, standards, and guidelines, to ensure they reflect current regulatory requirements and best practices.- Manage the vendor risk management program, including the review and monitoring of vendor compliance with Formstack’s security standards.- Support security awareness training programs across the organization to ensure that all employees are knowledgeable about GRC policies.- Provide guidance on governance initiatives and best practices to help improve organizational alignment with compliance and risk management standards.- Ensure incident response plans and business continuity plans are up to date and regularly tested through internal tabletops.- Collaborate on data privacy initiatives and ensure that Formstack’s practices align with privacy regulations like GDPR and CCPA.- Act as a liaison between external regulatory bodies, auditors, and internal teams.
What We Are Looking For:
- 5+ years of experience in Governance, Risk, and Compliance (GRC) or a related field, ideally within a SaaS, technology, or healthcare-related environment.- Strong knowledge of industry standards and frameworks, including NIST, SOC 2, or ISO 27001.- Demonstrated experience conducting risk assessments, security audits, and managing compliance projects.- Hands-on experience with cloud security and compliance in environments like AWS.- Strong understanding of cybersecurity principles.- Experience with third-party vendor risk management and compliance monitoring.- Excellent written and verbal communication skills, with the ability to translate complex regulatory requirements into actionable guidance.- Ability to work cross-functionally with legal, IT, and engineering teams.- Strong organizational skills, attention to detail, and the ability to manage multiple projects in a fast-paced environment.
Bonus Points:
- Bachelor’s degree in a relevant field (e.g., Information Security, IT, Business, Law, Engineering).- Certifications such as CISSP, CISA, CISM, or CRISC.- Familiarity with frameworks such as COBIT or ISO 31000.- Experience in the technology or SaaS industry, with a focus on product compliance.- Knowledge of secure software development practices and DevSecOps.- Experience working in an agile or DevOps environment.- Strong knowledge of industry standards and frameworks, including HIPAA, GDPR, PCI-DSS and CCPA.$140,000 - $180,000 a year
The Senior Analyst, Governance, Risk, and Compliance (GRC) is a key member of the Information Security team responsible for managing, monitoring, and advancing Formstack’s compliance with various security and privacy regulations and frameworks. This individual will play a pivotal role in ensuring that Formstack’s operations, products, and services are compliant with industry standards while helping to mitigate risks and support governance initiatives.
What You Will Do:
- Lead and manage Formstack’s compliance initiatives related to regulations such as HIPAA, SOC 2, GDPR, ISO 27001, PCI-DSS, CCPA, and others.- Collaborate with internal teams (product, legal, IT, and engineering) to develop, implement, and maintain Formstack’s security policies, controls, and procedures.- Perform risk assessments and conduct security audits across departments to ensure compliance with regulatory and industry standards.- Assist in the preparation and facilitation of external audits and certifications (e.g., SOC 2 audits, ISO 27001 certification processes).- Maintain and enhance Formstack's risk management framework, including the identification, assessment, and mitigation of operational, legal, and regulatory risks.- Monitor security compliance trends, changes in regulatory requirements, and new compliance frameworks relevant to Formstack’s operations.- Develop, maintain, and update internal documentation, including security policies, standards, and guidelines, to ensure they reflect current regulatory requirements and best practices.- Manage the vendor risk management program, including the review and monitoring of vendor compliance with Formstack’s security standards.- Support security awareness training programs across the organization to ensure that all employees are knowledgeable about GRC policies.- Provide guidance on governance initiatives and best practices to help improve organizational alignment with compliance and risk management standards.- Ensure incident response plans and business continuity plans are up to date and regularly tested through internal tabletops.- Collaborate on data privacy initiatives and ensure that Formstack’s practices align with privacy regulations like GDPR and CCPA.- Act as a liaison between external regulatory bodies, auditors, and internal teams.
What We Are Looking For:
- 5+ years of experience in Governance, Risk, and Compliance (GRC) or a related field, ideally within a SaaS, technology, or healthcare-related environment.- Strong knowledge of industry standards and frameworks, including NIST, SOC 2, or ISO 27001.- Demonstrated experience conducting risk assessments, security audits, and managing compliance projects.- Hands-on experience with cloud security and compliance in environments like AWS.- Strong understanding of cybersecurity principles.- Experience with third-party vendor risk management and compliance monitoring.- Excellent written and verbal communication skills, with the ability to translate complex regulatory requirements into actionable guidance.- Ability to work cross-functionally with legal, IT, and engineering teams.- Strong organizational skills, attention to detail, and the ability to manage multiple projects in a fast-paced environment.
Bonus Points:
- Bachelor’s degree in a relevant field (e.g., Information Security, IT, Business, Law, Engineering).- Certifications such as CISSP, CISA, CISM, or CRISC.- Familiarity with frameworks such as COBIT or ISO 31000.- Experience in the technology or SaaS industry, with a focus on product compliance.- Knowledge of secure software development practices and DevSecOps.- Experience working in an agile or DevOps environment.- Strong knowledge of industry standards and frameworks, including HIPAA, GDPR, PCI-DSS and CCPA.$140,000 - $180,000 a year
Confirm your E-mail: Send Email
All Jobs from Formstack