# Senior GRC Analyst

**Company:** [PrizePicks](https://hotfix.jobs/companies/prizepicks)
**Location:** Remote
**Role:** Other
**Salary:** $110k – $120k/yr
**Experience:** 5+ years
**Skills:** GRC, SOC 2, ISO 27001, Sox 404, Pci-Dss, Nist, GDPR, Cis, Tprm, Grc Platforms, Cissp, Cism, Cisa, Crisc, Vanta
**Posted:** 2026-07-08

> Senior GRC Analyst responsible for managing security policies, third-party risk assessments, audit coordination (SOC 2, PCI), compliance mapping, and risk registries. Requires 5+ years in GRC or IT audit, experience with major frameworks, and strong cross-functional collaboration skills.

## Job Description

## What you’ll do

**Policy Lifecycle Management:**
- Own the ongoing review and maintenance of organizational security policies, standards, and procedures.
- Assist in identifying policy gaps based on evolving regulatory requirements, business needs, and industry best practices.

**Compliance Program Support:**
- Serve as a primary cross-functional coordinator with other dedicated compliance teams (e.g., Legal, Regulatory Affairs, Internal Audit) to design and maintain a unified, strategic governance roadmap.
- Ensure all corporate compliance activities are aligned, documented, and consistently executed across the enterprise.

**Third-Party Risk Management (TPRM):**
- Lead security risk assessments for new and renewing third-party vendors as part of the procurement lifecycle.
- Track remediation items and collaborate with stakeholders to address identified risks.

**Audit & Certification Coordination:**
- Coordinate and support the organization's annual security audits and certifications (e.g., SOC 2, PCI, CIS).
- Coordinate evidence collection, track action items, communicate with stakeholders, and assist with audit readiness activities.
- Lead cross-functional coordination with internal SMEs to support evidence collection, reviewing appropriateness, tracking action items, and ensuring timely submission.
- Act as a secondary liaison with external auditors.
- Serve as a subject matter resource in interpreting and mapping security controls to operational processes and supporting evidence.

**Security Training Program:**
- Assist with the administration and continuous improvement of the company’s security awareness and training program, including tracking completion metrics and updating training content as needed.

**Regulatory & Compliance Support:**
- Work in close partnership with Legal and Regulatory teams to interpret new and changing compliance requirements.
- Provide security insight to ensure corporate practices and technology align with legal and regulatory mandates.

**Governance and Process Improvement:**
- Proactively identify and drive improvements to the efficiency, consistency, and scalability of GRC processes and documentation.
- Contribute to initiatives that enhance operational maturity and reduce organizational risk.
- Assist with the administration, maintenance, and continuous improvement of the organization’s GRC platform and related workflows.

**Risk & Issue Management Support:**
- Maintain and help evolve risk and issues registries, tracking exceptions, risk owners, update timelines, and supporting broader risk management initiatives across Security and IT functions.

## What you have

- 5+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, IT Audit, or related fields.
- Experience independently managing audits, compliance initiatives, or governance programs with limited supervision.
- Experience working with security and compliance frameworks such as SOC 2, ISO 27001, SOX 404, PCI-DSS, NIST, GDPR, CIS or similar standards.
- Familiarity with audit processes including evidence gathering/review, remediation tracking, and auditor coordination.
- Experience maintaining or developing security policies, standards, and procedures.
- Hands-on experience conducting Third-Party Risk Management (TPRM) assessments, including vendor security reviews, questionnaire evaluations, risk analysis, remediation tracking, and ongoing monitoring.
- Experience identifying, documenting, tracking, and communicating security and compliance risks to technical and non-technical stakeholders, including supporting risk remediation and exception management processes.
- Experience working with GRC platforms and tooling to manage compliance activities, risk registers, policy lifecycle management, audit evidence collection, and workflow automation.
- Experience interpreting and mapping security and compliance controls to operational processes and evidence requirements.
- Familiarity with the impact of Governance, Risk, and Compliance (GRC) on the Secure Software Development Life Cycle (SSDLC) and IT operations.
- Experience supporting privacy and data protection compliance initiatives, including CCPA, consumer privacy regulations, and broader PII/data handling protection requirements.
- Strong written and verbal communication skills with the ability to collaborate across technical and non-technical teams.
- Strong organizational skills and ability to manage multiple priorities effectively.
- Strong project management experience.

## What makes you stand out

- Industry certifications such as CISSP, CISM, CISA, CRISC, Security+, or similar.
- Experience working in high-growth technology or regulated environments.
- Familiarity with GRC tooling such as Vanta, Drata, Archer, OneTrust, or ServiceNow GRC.
- Experience supporting PCI-DSS, privacy, or state regulatory compliance initiatives.
- Exposure to security awareness platforms and vendor risk management tooling.
- Experience helping mature or scale governance and compliance programs.

## Compensation

The typical salary range for this position is $110,000 to $120,000.

## Similar roles

- [Senior Payroll Specialist](https://hotfix.jobs/jobs/ef99e1ab-e67a-453b-9c98-de8af439df47) - Datadog - New York, NY - $110k – $150k/yr
- [Senior Manager of AI Enablement](https://hotfix.jobs/jobs/0f9cb13c-ba41-4e17-a6f4-bfee44da34d9) - CodePath - Remote - $110k – $150k/yr
- [Senior Analyst, Financial Crimes & Identity Quality](https://hotfix.jobs/jobs/9899a388-4231-4c8d-9641-9b7642771339) - Chime - Chicago, IL - $112k – $155k/yr
- [Senior Creative Ops Project Manager](https://hotfix.jobs/jobs/1837cdba-3578-47b4-b500-fbadb5279ef8) - Underdog Fantasy - Remote - $112k – $140k/yr
- [Sr. Global Event Manager, Event Content Strategy and Production](https://hotfix.jobs/jobs/aee69986-52c1-4001-b619-51547a3c1a1c) - Twilio - Remote - $106k – $141k/yr

**Apply:** https://hotfix.jobs/jobs/839d7615-cdae-4563-bc52-f5a24b98dc7b
**Canonical:** https://hotfix.jobs/jobs/839d7615-cdae-4563-bc52-f5a24b98dc7b