GRC Analyst

WinMax Systems Corporation
San Francisco, US
Hybrid

Job Description

Title: GRC Analyst

Location: San Francisco, CA (4 days onsite)

Duration: 6+ months

Key Responsibilities:

  • Conduct technical vendor risk assessments (security, privacy, architecture, data handling) for new and existing third parties
  • Review security documentation (SOC 2, ISO 27001, pentest reports, architecture diagrams, data flows) and identify risks
  • Drive risk-based decisions - recommend approve / conditional approve / reject with clear rationale
  • Track and manage vendor risk findings, remediation plans, and exceptions
  • Partner with Legal/Procurement on security terms, DPAs, and contractual requirements
  • Respond to internal GRC queries (security questionnaires, audits, customer due diligence)

Qualifications:

  • Experience in GRC / Vendor Risk / Security Risk roles
  • Strong understanding of cloud/SaaS architectures and common security controls
  • Familiarity with frameworks like SOC 2, ISO 27001, NIST, HIPAA, PCI
  • Ability to balance risk vs. business enablement in a fast-paced environment
  • Strong communication skills with both technical and non-technical stakeholders

Skills & Requirements

Technical Skills

GRC, Vendor risk, Security risk, Cloud/SaaS architectures, SOC 2, ISO 27001, NIST, HIPAA, PCI, Security terms, DPAs, Contractual requirements, Security questionnaires, Audits, Customer due diligence, Communication, Security, Privacy, Architecture, Data handling, Risk assessment, Security documentation, Risk-based decisions, Vendor risk findings, Remediation plans, Exceptions, Legal, Procurement

Employment Type

FULL TIME

Level

mid

Posted

5/3/2026
