Senior GRC Analyst

🕒 May 23

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Doppler

WebsiteLinkedInAll Job Openings

11 - 50 employees

Founded 2019

🔒 Cybersecurity

☁️ SaaS

🔌 API

💰 $20M Series A on 2022-04

Cybersecurity • SaaS • API

Doppler is a cloud platform that offers centralized secrets management, allowing organizations to securely manage, orchestrate, and govern secrets and non-human identities at scale. It integrates with popular DevOps tools and CI/CD frameworks to automate secrets management within the development workflow. Doppler provides a unified interface that minimizes the need for direct cloud provider access and enhances security. The platform also features user-based pricing and SOC 2 verified compliance, making it ideal for teams of any size to manage their DevOps infrastructure securely and efficiently.

📋 Description

• Maintain Doppler's SOC 2 Type II and ISO 27001 certifications end-to-end: evidence collection, control monitoring, audit coordination, and deficiency remediation • Lead the compliance work for our next certifications, including gap assessments, policy updates, and required documentation • Evaluate additional certifications and attestations on an ongoing basis as customer and market requirements evolve • Own day-to-day administration of our GRC platform (Vanta), including control mapping, evidence workflows, and audit readiness • Lead our security working group: facilitate regular risk identification sessions, policy updates, maintain the threat register, track remediation progress, and drive accountability across teams • Design and maintain security controls mapped to our chosen frameworks (SOC 2, ISO 27001, etc.), ensuring they're practical and consistently operating • Coordinate penetration testing cycles and work directly with engineering to track and close findings • Author and maintain security policies that are enforceable and grounded in regulatory requirements (GDPR, PCI, and others relevant to a secrets management provider) • Support business continuity and disaster recovery governance • Respond to security questionnaires and RFPs promptly and accurately • Participate in customer security reviews and calls; represent our compliance posture credibly to security teams, procurement, and compliance officers • Maintain public-facing trust documentation that reflects our actual program • Partner with sales on security-sensitive enterprise deals, especially in regulated industries or where compliance is a gating factor • Translate compliance status and risk posture into clear, non-jargon updates for leadership and cross-functional stakeholders • Lead security awareness and compliance training for internal teams • Influence engineering and product roadmaps where security controls intersect with product decisions

🎯 Requirements

• 5+ years in security, compliance, or GRC, with direct ownership of SOC 2 Type II and ISO 27001 programs in a cloud product environment where you've run audit cycles, not just supported them • Hands-on experience with Vanta (or a comparable GRC platform) and a genuine interest in automating compliance workflows rather than relying on spreadsheets • Technical fluency: you can read a pen test report, understand cloud architecture decisions, and have substantive conversations with engineers about control design and risk tradeoffs • Strong understanding of how auditors think, ideally from having been on the auditor side, or from running enough cycles that you've internalized their perspective • Familiarity with PCI DSS and GDPR requirements; experience with self-attestation or certification work is a strong plus • Experience supporting enterprise sales cycles where security is a procurement requirement, including responding to complex security questionnaires • Excellent communication skills across audiences. You can brief the CEO on risk posture and turn around and explain the same issue to an engineer in implementation terms • Relevant certifications (CISA, CISSP, CISM, CRISC, or equivalent) preferred.

🏖️ Benefits

• Equity at an early-stage, fast-growing startup • Premium health insurance (medical, dental, vision) • Guilt Free Unlimited PTO - 3-week minimum strongly encouraged! • Upward Mobility • Learning and Development Stipend • Wealth Advisor • 401k • Pregnancy & Family Leave • Fertility & Adoption Benefits • Equal Compensation (regardless of gender or race)