Senior Analyst - Governance, Risk, & Compliance

About iVerify

We are Experts in Mobile Threat Hunting. The first mobile threat hunting company to protect mobile devices like any other vulnerable corporate endpoint.

The mobile security market has a problem. Simply put, current solutions fail to meet the sophistication of modern threats or the growing privacy desires of mobile device users. We believe that it is time for something new. Not only because we care deeply about the safety of frontline users like journalists and activists - many of whom are doing important and often dangerous work - but because enterprises and consumers deserve real protection from advanced mobile threats without sacrificing privacy.

We are building the first mobile threat hunting company to harmonize security and privacy in the face of a new class of mobile threats. Supported by some of the most well-respected VC firms, we aim to become the go-to mobile security solution for individuals who want to know they can trust their devices with their most sensitive information – without sacrificing privacy. 

About the Role

We are seeking a Senior Analyst to join our growing governance, risk and compliance (GRC) team. This is a hands-on role focused on maintaining compliance across multiple frameworks, managing programs, and driving trust with customers and partners.

This role is a senior position on the security team, with regular interaction with leadership and external stakeholders. You’ll lead the long-term initiatives to ensure that our company maintains the highest standards in security and privacy.

Your work will directly impact the organization through maintaining and updating security controls, responding to information requests, audits and compliance projects.

As a senior member of the information security team, you’ll implement and manage our GRC tools, assessments, influence decisions and be an integral part of the company’s growth.

Key Responsibilities

• Lead and support Governance, Risk, and Compliance (GRC) initiatives, including policy development, control assessments, and audit readiness.

• Own and manage responses to customer and vendor security questionnaires, ensuring timely, accurate, and consistent communication.

• Collaborate with cross-functional teams (Security, Finance, Engineering, Product, and Sales) to maintain compliance with frameworks such as SOC 2, ISO 27001, and GDPR.

• Support third-party risk management activities, including vendor assessments and remediation tracking.

• Monitor regulatory and compliance developments to ensure internal policies and controls remain current.

• Assist in preparing evidence for internal and external audits and certifications.

• Contribute to security awareness and training programs.

• Manage GRC operations, maintaining policies, procedures, and evidence in Vanta to ensure continuous compliance with frameworks.

• Review and update security controls in Vanta, ensuring all systems and integrations remain connected and compliant.

• Monitor compliance tasks and remediation tickets in Vanta, following up with internal stakeholders to ensure timely completion.

• Respond to customer and vendor security questionnaires, collaborating with Product, Engineering, and Legal teams for accurate and efficient responses.

• Prepare and organize audit evidence for compliance and privacy, ensuring readiness for internal and external audits.

• Conduct regular risk assessments, document findings, and track mitigation efforts.

• Support third-party risk management – perform vendor reviews/assessments, track projects, and follow up on remediation actions.

• Monitor regulatory updates and recommend changes to internal policies or controls as needed.

• Assist with security awareness training and ongoing employee compliance efforts.

Requirements

• Bachelor’s degree in Information Security, Computer Science, Business, or a related field (Master’s degree a plus).

• 5+ years of experience in information security, risk management, or compliance.

• Prior experience in a Big Four consulting firm or similar professional services environment preferred.

• Strong understanding of security frameworks (SOC 2, ISO 27001, NIST, GDPR, etc.).

• Excellent written and verbal communication skills — especially in translating technical details into clear, business-focused language.

• Demonstrated experience responding to security questionnaires and due diligence requests.

• Highly organized, detail-oriented, and able to manage multiple priorities in a remote environment.

Compensation

Our salary ranges are determined by role, level, location, and employment type. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position. Within the range, individual pay is determined by a variety of factors, including, but not limited to, work location, job-related skills, experience, and relevant education or training.

Diversity, Equity, and Inclusion

At iVerify, we are committed to building a diverse, equitable, and inclusive workplace and community. We believe that diversity in all its forms drives innovation and fosters creativity. We strive to create an environment where everyone feels valued, respected, and empowered to bring their authentic selves to work.