GRC Analyst
Vercel is the Frontend Cloud, focusing on building, scaling, and securing a faster, personalized web.
Projects
About Vercel
Vercel provides a platform for frontend development, offering solutions for deployment, scaling, and security. It supports a wide range of frameworks and tools, enabling developers to deploy their applications globally with instant previews and automatic HTTPS. Vercel emphasizes performance, security, and developer experience, with features like zero-config streaming, optimized compute, and privacy-friendly analytics.
Skills
About the Role
You will manage and maintain ongoing compliance with security and privacy frameworks, policies, procedures, and commercial assessments, including ISO 27001, SOC 2, HIPAA, PCI DSS, and more. You will collaborate with cross-functional teams to promote a culture of accountability and integrity throughout the organization, fostering an environment where everyone understands the importance of adhering to established guidelines and ethical practices. You will report to the Head of GRC.
Requirements
- At least 3 years of relevant experience in supporting the audit lifecycle in a cloud-centric environment (SOC 2, ISO 27001, PCI, HIPAA, etc.)
- Strong organizational skills to be flexible and proactive in a high-growth, start-up environment
- Experience collaborating closely with internal partners to seamlessly incorporate policies and technical controls into the SDLC
- Strong project management skills and sense of ownership with the ability to communicate and collaborate effectively, and execute projects across various business units and levels
Responsibilities
- Collaborate with internal teams to maintain an effective suite of internal controls and drive remediation efforts to completion with clear documentation of progress
- Build strong working relationships across the business so compliance accountability is shared and stakeholders are informed
- Streamline annual audits by managing audit deliverables, developing treatment plans, and coordinating across teams to document and track completion
- Monitor and improve controls, processes, and evidence management practices, identify opportunities to automate and streamline GRC operations, and contribute to controls maturity scoring and reporting
- Enable go-to-market teams and accelerate deal cycles by supporting security questionnaires, addressing compliance inquiries, and maintaining customer-facing documentation on security and compliance posture
- Design and manage company training and enhance visibility on compliance-specific topics for internal stakeholders
Benefits
- Equity
- Inclusive Healthcare Package
- Mentorship and events for networking and skill building
- Flexible Time Off
- Equipment provided and WFH budget
