Posted May 28, 2026

Senior Governance, Risk & Compliance Analyst

Requirements

• 5–9 years in GRC, security compliance, or risk within SaaS/cloud environments
• Direct ownership of SOC 2 and/or ISO 27001 audits
• Experience managing control frameworks and audit evidence lifecycle
• Strong understanding of risk assessment methodologies
• Proven ability to drive remediation across cross-functional teams
• (Desirable) Experience with third-party risk programs
• (Desirable) Familiarity with GRC tools (Vanta, Drata, LogicGate, OneTrust)
• (Desirable) Experience in high-growth SaaS or PE-backed environments
• (Desirable) Certifications: CISA, CISM, CISSP, CRISC, ISO 27001 Lead
• (Desirable) Experience scaling GRC programs or implementing automation
• (Desirable) Exposure to HIPAA, GDPR, or NIST frameworks
• 5–9 years total experience
• 2+ years directly owning audits or compliance programs
• Experience operating in environments with multiple concurrent audits

What the job involves

• Nasuni is seeking a Senior GRC Analyst to strengthen and scale our governance, risk, and compliance programs across a fast-growing, AI-ready SaaS platform. This role owns critical audit, risk, and policy initiatives that directly impact customer trust, regulatory posture, and business scalability
• You’ll operate at the intersection of security, engineering, legal, and operations—ensuring our controls are effective, auditable, and continuously improving
• This role is ideal for someone who has led audit and risk programs end-to-end, not just supported them, and who is motivated to modernize GRC through automation and intelligent tooling
• Owns execution and continuous improvement of core GRC programs
• Operates independently across multiple compliance frameworks
• Influences cross-functional stakeholders without direct authority
• Balances execution (audits, controls) with program optimization
• Contributes to scalable, automation-driven GRC operations
• Lead SOC 1, SOC 2, ISO 27001 audits end-to-end (planning → evidence → remediation)
• Partner with auditors and internal teams to ensure timely, accurate audit delivery
• Track and drive remediation of control gaps with accountable owners
• Own lifecycle of security policies, standards, and control documentation
• Align policies to evolving regulatory and business requirements
• Facilitate cross-functional policy reviews and approvals
• Conduct enterprise risk assessments and maintain risk register
• Partner with business leaders to prioritize and mitigate risk
• Deliver risk insights and reporting to leadership for decision-making
• Own vendor risk assessments, onboarding, and periodic reviews
• Build scalable due diligence and monitoring processes
• Partner with procurement and legal on vendor risk decisions
• Lead security awareness and training programs (phishing, compliance training)
• Measure effectiveness and continuously improve engagement
• Manage GRC platforms (e.g., Vanta, Drata, OneTrust)
• Identify and implement automation opportunities in evidence collection, risk tracking, and reporting
• Leverage AI tools to improve control monitoring, audit readiness, and workflow efficiency