
Senior Information Security GRC Analyst

Remote (US) | $155-165k | Posted today

Branch is seeking an experienced Security Governance, Risk, and Compliance (GRC) professional to join our team. This position will work in all aspects of GRC, so broad knowledge is preferred across multiple frameworks and related policy and procedure lifecycle management.

Location: Remote (US)

Salary: $155-165k

Responsibilities

  • Manage and maintain the Branch Information Security Program, security function programs and processes.
  • Own internal controls and maintain an accurate security program across all corporate functions.
  • Champion the Branch Information Security Program and security awareness.
  • Perform control mapping to align controls with frameworks like PCI, SOC 2, ISO 27001, NIST CSF, CCPA.
  • Conduct gap analysis to identify deficiencies and areas for improvement.
  • Implement new frameworks and integrate into audit cycles.
  • Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits.
  • Manage the Drata GRC platform, including data updates, audit evidence collection, and access management.
  • Inform stakeholders of concerns, hazards, and risks.
  • Collaborate with Security, Engineering, Cloud Operations, Procurement, and Legal teams.
  • Maintain knowledge of procedures and methods to broaden team expertise.
  • Write and manage security standards, policies, and practices.
  • Assist in operational compliance inquiries.
  • Identify areas for process and control improvements.
  • Manage third-party vendor lifecycle, including onboarding, due diligence, and monitoring.
  • Partner with Risk and Legal teams to improve processes and reduce risk.
  • Manage security training and awareness programs.
  • Support penetration testing and remediation coordination.

Requirements

  • 5-7 years of experience in a similar role.
  • 3+ years of experience conducting audits (SOC 2, PCI, ISO 27001).
  • Excellent communication skills, both oral and written.
  • Ability to create and maintain clear documentation.
  • Knowledge of GRC tools (Drata, HyperProof, AuditBoard, OneTrust).
  • Strong ethics and discretion.
  • Excellent organizational, process improvement, and project management skills.
  • Familiarity with security and compliance requirements (SOC 2, PCI, NIST CSF, ISO 27001, CCPA).
  • Working toward CISA, CISM, or similar certification.

Benefits

  • Market-leading medical, dental, and vision insurance.
  • Stock options.
  • Free Premium-Tier Origin Financial Wellness subscription.
  • Monthly home-office stipend.
  • 401k (TransAmerica).
  • 12 weeks of paid parental leave.
  • Flexible time off, sick, and safe time.
  • 11 paid company holidays.
  • Same Day Pay Option.

Additional Information

  • This position is classified as REMOTE within the United States.
  • Candidates outside the U.S. are not eligible.
  • Must be authorized to work in the USA without sponsorship.
  • No third-party applications accepted.
  • Learn more about data collection and privacy policies.

Category

Engineering

Company

Branch

Source

himalayas

Posted

today
