Senior Governance, Risk & Compliance (GRC) Analyst
Location: Boston/Marlborough Hybrid (3 days) or Remote US
Role Overview
Nasuni is seeking a Senior GRC Analyst to strengthen and scale our governance, risk, and compliance programs across a fast-growing, AI-ready SaaS platform. This role owns critical audit, risk, and policy initiatives that directly impact customer trust, regulatory posture, and business scalability.
You’ll operate at the intersection of security, engineering, legal, and operations—ensuring our controls are effective, auditable, and continuously improving.
This role is ideal for someone who has led audit and risk programs end-to-end, not just supported them, and who is motivated to modernize GRC through automation and intelligent tooling.
Level & Scope Definition
Owns execution and continuous improvement of core GRC programs
Operates independently across multiple compliance frameworks
Influences cross-functional stakeholders without direct authority
Balances execution (audits, controls) with program optimization
Contributes to scalable, automation-driven GRC operations
Responsibilities
Audit & Compliance
Lead SOC 1, SOC 2, and ISO 27001 audits end-to-end (planning → evidence → remediation)
Partner with auditors and internal teams to ensure timely, accurate audit delivery
Track and drive remediation of control gaps with accountable owners
Policy & Governance
Own lifecycle of security policies, standards, and control documentation
Align policies to evolving regulatory and business requirements
Facilitate cross-functional policy reviews and approvals
Enterprise Risk Management
Conduct enterprise risk assessments and maintain the risk register
Partner with business leaders to prioritize and mitigate risk
Deliver risk insights and reporting to leadership for decision-making
Third-Party Risk Management
Own vendor risk assessments, onboarding, and periodic reviews
Build scalable due diligence and monitoring processes
Partner with procurement and legal on vendor risk decisions
Security Awareness
Lead security awareness and training programs (phishing, compliance training)
Measure effectiveness and continuously improve engagement
GRC Operations & AI Enablement
Manage GRC platforms (e.g., Vanta, Drata, OneTrust)
Identify and implement automation opportunities in evidence collection, risk tracking, and reporting
Leverage AI tools to improve control monitoring, audit readiness, and workflow efficiency
Qualifications
Must-Have
5–9 years in GRC, security compliance, or risk within SaaS/cloud environments
Direct ownership of SOC 2 and/or ISO 27001 audits
Experience managing control frameworks and audit evidence lifecycle
Strong understanding of risk assessment methodologies
Proven ability to drive remediation across cross-functional teams
Preferred
Experience with third-party risk programs
Familiarity with GRC tools (Vanta, Drata, LogicGate, OneTrust)
Experience in high-growth SaaS or PE-backed environments
Ideal
Certifications: CISA, CISM, CISSP, CRISC, ISO 27001 Lead
Experience scaling GRC programs or implementing automation
Exposure to HIPAA, GDPR, or NIST frameworks
Experience Guidelines
5–9 years total experience
2+ years directly owning audits or compliance programs
Experience operating in environments with multiple concurrent audits
About Nasuni & Why Work Here (US Boston/Marlborough / Remote)
Nasuni is the unstructured data foundation for enterprise teams—and the AI that supports them. As a Vista-backed SaaS data infrastructure company, we help organizations manage, protect, and activate massive volumes of file data—transforming it into secure, AI-ready assets for innovation and growth.
Our unified File Data Platform eliminates infrastructure silos and enables global collaboration, resilience, and intelligent automation at scale.
At Nasuni, you’ll work at the intersection of cloud, security, and AI—solving complex challenges alongside a team that values ownership, innovation, and impact. Whether based remotely or in our Boston-area offices, you’ll contribute to a platform trusted by enterprises worldwide while growing your expertise in modern, AI-enabled data infrastructure.
Why work at Nasuni?
As part of our commitment to your well-being, we are pleased to offer comprehensive benefits packages to employees across the US. Benefits packages generally include:
Best-in-class employee onboarding and training
“Take What You Need” paid time off policy
Comprehensive health, dental and vision plans
Company-paid life and disability insurance
401(k) and Roth IRA retirement plan
Generous employee referral bonuses
Flexible remote work policy
10 Paid Holidays
Wide array of wellbeing offerings
Pre-tax savings accounts with company contributions
Great team culture and social activities
Collaborative workspaces
Free on-site fitness centers and stocked kitchens in select office locations
Professional development resources
Compensation Transparency:
In accordance with U.S. pay transparency laws, N
FULL TIME
senior
4/23/2026