# GRC Analyst

**Company:** [Fluidstack](https://hotfix.jobs/companies/fluidstack)
**Location:** New York, NY
**Role:** Other
**Salary:** $200k – $270k/yr
**Experience:** 3+ years
**Skills:** SOC 2, ISO 27001, Nist 800-53, FedRAMP, GRC, Vanta, Compliance Auditing, Policy Management, Control Monitoring, Evidence Collection
**Posted:** 2026-07-07

> GRC Analyst responsible for running day-to-day compliance programs (SOC 2, ISO 27001, NIST, FedRAMP) including evidence collection, policy maintenance, audits, and scaling controls across new sites in a high-security AI compute infrastructure environment. Requires hands-on audit experience defending controls and driving adherence from engineering teams.

## Job Description

## Responsibilities
- Run the day-to-day compliance program end to end across SOC 2 Type II, ISO 27001, NIST 800-53, and FedRAMP Moderate equivalency: continuous evidence collection, control monitoring, and audit readiness held on GRC platforms (Vanta) and the tooling we build in-house.
- Own the policy and procedure set: draft, maintain, and run the review cycle so documentation keeps pace with the controls as the program grows.
- Run recurring control operations on cadence, access reviews, control owner attestations, and evidence refreshes, chasing system owners and employees across the org directly to get them done on time.
- Drive audit and assessment cycles with external auditors and assessors and manage the POA&M to closure, tracking each finding to a named owner and milestone so nothing ages past its deadline.
- Bring each new site and team into the compliance program as we scale, mapping their systems to existing controls so coverage stays consistent instead of fragmenting facility by facility.

## Requirements
- Operated controls and pulled evidence against at least one major framework (SOC 2, ISO 27001, NIST 800-53, or FedRAMP) through a real audit.
- Owned a compliance documentation set, policies, procedures, and control narratives, and kept it current as the environment changed.
- Sat across from an auditor or assessor, defended how a control runs in practice, and closed findings.
- Get evidence and adherence out of busy engineers, system owners, and employees across the org, on time, without a manager pushing.
- Catch a stale control, an expired access grant, or a coverage gap before an assessor does, by watching the portfolio continuously.
- Translate a control requirement into the exact artifact that proves it, and keep that mapping tight across overlapping frameworks.

## Nice-to-Haves
- FedRAMP Moderate equivalency or NIST 800-53 evidence work.
- GRC platforms (Vanta) or comparable continuous-compliance tooling.
- Cloud, GPU, or data center environments.
- Mapping controls across SOC 2, ISO 27001, and NIST in parallel.

## Similar roles

- [Government Relations - Texas](https://hotfix.jobs/jobs/cbc767b6-55e9-4d2b-ae1e-bfa9b0be3b41) - Fluidstack - Austin, TX - $200k – $250k/yr
- [Technical Intelligence Analyst](https://hotfix.jobs/jobs/9911fd42-a299-4ed6-9dac-cdd7c02a7d9c) - OpenAI - San Francisco, CA - $198k – $320k/yr
- [Oracle ERP Fusion Functional Analyst](https://hotfix.jobs/jobs/60c1bbb2-e9e0-4226-9858-6f121894f171) - Discord - San Francisco, CA - $192k – $216k/yr
- [Oracle ERP Fusion Technical Developer](https://hotfix.jobs/jobs/31663ba7-796c-401e-9d39-8db77d0ba81b) - Discord - San Francisco, CA - $192k – $216k/yr
- [Research Operations, Discovery](https://hotfix.jobs/jobs/880470c7-a89b-4456-bf08-8a98fbd323cf) - Anthropic - San Francisco, CA - $210k – $310k/yr

**Apply:** https://hotfix.jobs/jobs/d489749b-5086-4d5f-9cba-fda800adacaa
**Canonical:** https://hotfix.jobs/jobs/d489749b-5086-4d5f-9cba-fda800adacaa