Formstack
Senior Analyst, Governance, Risk and Compliance (Denver, Los Angeles and/or Indi
Formstack, Los Angeles, California, United States, 90079
Who You Are:
The Senior Analyst, Governance, Risk, and Compliance (GRC) is a key member of the Information Security team responsible for managing, monitoring, and advancing Formstack’s compliance with various security and privacy regulations and frameworks. This individual will play a pivotal role in ensuring that Formstack’s operations, products, and services are compliant with industry standards while helping to mitigate risks and support governance initiatives.
What You Will Do:
Lead and manage Formstack’s compliance initiatives related to regulations such as HIPAA, SOC 2, GDPR, ISO 27001, PCI-DSS, CCPA, and others.
Collaborate with internal teams (product, legal, IT, and engineering) to develop, implement, and maintain Formstack’s security policies, controls, and procedures.
Perform risk assessments and conduct security audits across departments to ensure compliance with regulatory and industry standards.
Assist in the preparation and facilitation of external audits and certifications (e.g., SOC 2 audits, ISO 27001 certification processes).
Maintain and enhance Formstack's risk management framework, including the identification, assessment, and mitigation of operational, legal, and regulatory risks.
Monitor security compliance trends, changes in regulatory requirements, and new compliance frameworks relevant to Formstack’s operations.
Develop, maintain, and update internal documentation, including security policies, standards, and guidelines, to ensure they reflect current regulatory requirements and best practices.
Manage the vendor risk management program, including the review and monitoring of vendor compliance with Formstack’s security standards.
Support security awareness training programs across the organization to ensure that all employees are knowledgeable about GRC policies.
Provide guidance on governance initiatives and best practices to help improve organizational alignment with compliance and risk management standards.
Ensure incident response plans and business continuity plans are up to date and regularly tested through internal tabletops.
Collaborate on data privacy initiatives and ensure that Formstack’s practices align with privacy regulations like GDPR and CCPA.
Act as a liaison between external regulatory bodies, auditors, and internal teams.
What We Are Looking For:
5+ years of experience in Governance, Risk, and Compliance (GRC) or a related field, ideally within a SaaS, technology, or healthcare-related environment.
Strong knowledge of industry standards and frameworks, including NIST, SOC 2, or ISO 27001.
Demonstrated experience conducting risk assessments, security audits, and managing compliance projects.
Hands-on experience with cloud security and compliance in environments like AWS.
Strong understanding of cybersecurity principles.
Experience with third-party vendor risk management and compliance monitoring.
Excellent written and verbal communication skills, with the ability to translate complex regulatory requirements into actionable guidance.
Ability to work cross-functionally with legal, IT, and engineering teams.
Strong organizational skills, attention to detail, and the ability to manage multiple projects in a fast-paced environment.
Bonus Points:
Bachelor’s degree in a relevant field (e.g., Information Security, IT, Business, Law, Engineering).
Certifications such as CISSP, CISA, CISM, or CRISC.
Familiarity with frameworks such as COBIT or ISO 31000.
Experience in the technology or SaaS industry, with a focus on product compliance.
Knowledge of secure software development practices and DevSecOps.
Experience working in an agile or DevOps environment.
Strong knowledge of industry standards and frameworks, including HIPAA, GDPR, PCI-DSS and CCPA.
$140,000 - $180,000 a year
#J-18808-Ljbffr
#J-18808-Ljbffr