GRC Analyst

Exxat

IT

Bengaluru, Karnataka, India

Posted on May 18, 2026

Job Overview

We are looking for a detail-oriented and proactive GRC Analyst to join our growing security and compliance team. In this role, you will be responsible for maintaining and advancing our compliance posture across multiple regulatory frameworks, including SOC 2, HIPAA, FERPA, ISO 27001/27701/42001, TX-RAMP, and GDPR. You will work closely with our security, engineering, and other teams to ensure our platform and operations meet the applicable compliance regulations, which is critical to our position as a trusted leader among educational and healthcare organizations.

Responsibilities

  • Evaluate compliance alignment for SOC 2, HIPAA, ISO 27001, ISO 27701, ISO 42001, TX-RAMP, and GDPR, ensuring continuous audit readiness.
  • Perform internal gap assessments and readiness evaluations against applicable frameworks and standards, and track remediation plans.
  • Monitor the Information Security Management System (ISMS) and Artificial Intelligence Management System (AIMS) KPIs and objectives in alignment with ISO 27001 and ISO 42001 requirements.
  • Coordinate internal and external compliance audits: prepare evidence packages, manage auditor requests, and drive timely closure of audit findings.
  • Monitor control documentation for internal and external audits.
  • Collaborate with engineering, product, and DevOps teams to embed compliance requirements into the SDLC and cloud infrastructure.
  • Track, measure, and report key compliance metrics and KPIs on a regular basis.
  • Support client-facing compliance activities, including responding to questionnaires, RFPs, and Third Party Risk Management (TPRM) inquiries from clients and prospects.

Profile Requirement

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field.
  • 3 - 5 years of experience in information security compliance, GRC, or a closely related role.
  • Hands-on, demonstrable experience with two or more of the following frameworks: SOC 2, HIPAA, ISO 27001, ISO 27701, ISO 42001, TX-RAMP, GDPR.
  • Experience coordinating or supporting audit readiness, evidence collection, and external auditor engagements.
  • Appropriate analytical, documentation, and communication skills, including the ability to translate technical compliance requirements into clear guidance for both technical and non-technical audiences.
  • Ability to work cross-functionally and support concurrent compliance initiatives.

Good to Have

  • Relevant compliance certifications such as ISO 27001 Lead Implementer/Auditor or similar.
  • Understanding of governance frameworks such as NIST SP 800-53 / CMF / RMF.
  • Prior experience in a health-tech or edtech SaaS environment.