Senior Analyst, Governance, Risk and Compliance (Denver, Los Angeles and/or Indiana)

Formstack LLC
Los Angeles, California, US
$140K-$180K a year
Full-time

Who You Are:

The Senior Analyst, Governance, Risk, and Compliance (GRC) is a key member of the Information Security team responsible for managing, monitoring, and advancing Formstack’s compliance with various security and privacy regulations and frameworks.

This individual will play a pivotal role in ensuring that Formstack’s operations, products, and services are compliant with industry standards while helping to mitigate risks and support governance initiatives.

What You Will Do:

  • Lead and manage Formstack’s compliance initiatives related to regulations such as HIPAA, SOC 2, GDPR, ISO 27001, PCI-DSS, CCPA, and others.
  • Collaborate with internal teams (product, legal, IT, and engineering) to develop, implement, and maintain Formstack’s security policies, controls, and procedures.
  • Perform risk assessments and conduct security audits across departments to ensure compliance with regulatory and industry standards.
  • Assist in the preparation and facilitation of external audits and certifications (e.g., SOC 2 audits, ISO 27001 certification processes).
  • Maintain and enhance Formstack's risk management framework, including the identification, assessment, and mitigation of operational, legal, and regulatory risks.
  • Monitor security compliance trends, changes in regulatory requirements, and new compliance frameworks relevant to Formstack’s operations.
  • Develop, maintain, and update internal documentation, including security policies, standards, and guidelines, to ensure they reflect current regulatory requirements and best practices.
  • Manage the vendor risk management program, including the review and monitoring of vendor compliance with Formstack’s security standards.
  • Support security awareness training programs across the organization to ensure that all employees are knowledgeable about GRC policies.
  • Provide guidance on governance initiatives and best practices to help improve organizational alignment with compliance and risk management standards.
  • Ensure incident response plans and business continuity plans are up to date and regularly tested through internal tabletops.
  • Collaborate on data privacy initiatives and ensure that Formstack’s practices align with privacy regulations like GDPR and CCPA.
  • Act as a liaison between external regulatory bodies, auditors, and internal teams.

What We Are Looking For:

  • 5+ years of experience in Governance, Risk, and Compliance (GRC) or a related field, ideally within a SaaS, technology, or healthcare-related environment.
  • Strong knowledge of industry standards and frameworks, including NIST, SOC 2, or ISO 27001.
  • Demonstrated experience conducting risk assessments, security audits, and managing compliance projects.
  • Hands-on experience with cloud security and compliance in environments like AWS.
  • Strong understanding of cybersecurity principles.
  • Experience with third-party vendor risk management and compliance monitoring.
  • Excellent written and verbal communication skills, with the ability to translate complex regulatory requirements into actionable guidance.
  • Ability to work cross-functionally with legal, IT, and engineering teams.
  • Strong organizational skills, attention to detail, and the ability to manage multiple projects in a fast-paced environment.

Bonus Points:

  • Bachelor’s degree in a relevant field (e.g., Information Security, IT, Business, Law, Engineering).
  • Certifications such as CISSP, CISA, CISM, or CRISC.
  • Familiarity with frameworks such as COBIT or ISO 31000.
  • Experience in the technology or SaaS industry, with a focus on product compliance.
  • Knowledge of secure software development practices and DevSecOps.
  • Experience working in an agile or DevOps environment.

Salary: $140,000 - $180,000 a year
