20 grc analyst jobs at 19 companies in Berkeley, CA

1mo
Save
Mark Applied
Hide
GRC Analyst
San Francisco or New York City or Bangalore or United States or Europe
$130k-$175k/yr HybridFull Time
Mesh
Mesh: Connecting digital wallets and exchanges for unified cryptocurrency payments.
3+ YOE3+ years hands-on GRC experience; familiarity with SOC 2, NIST, MiCA, Money Transmitter Licenses; BC/DR program experience; vendor risk assessments; control testing and remediation; strong communication and operationalization skills.
SOC 2, NIST, PCI, MiCA, NYDFS, CCPA, Vanta, Drata, Archer
3w
Save
Mark Applied
Hide
Senior GRC Analyst, HIPAA
United States or San Francisco
$133k-$195k/yr OnsiteFull Time
DoorDash
DoorDashNASDAQ: DASH: On-demand delivery platform connecting consumers with local merchants.
6+ YOE6+ years in security compliance/GRC with 3+ years implementing HIPAA programs in technology or regulated environments; strong HIPAA Security Rule knowledge, multi-framework experience, technical fluency with cloud/IAM/CI/CD, and stakeholder communication skills.
HITRUST, SOC 2, ISO 27001, NIST 800-53, PCI DSS, GDPR, CCPA, IAM, CI/CD, infrastructure-as-code, GRC tooling
2d
Save
Mark Applied
Hide
Senior Security GRC Analyst
San Mateo, California, United States
$224k-$272k/yr HybridFull Time
Roblox
RobloxNYSE: RBLX: Platform for creating and playing user-generated 3D digital experiences.
4+ YOE4+ years GRC experience, risk assessment and policy development, ability to work with engineers, knowledge of compliance frameworks and security controls.
Factor Analysis of Information Risk (FAIR), Roblox Studio
1mo
Save
Mark Applied
Hide
Senior GRC Analyst
Palo Alto, California, United States
$120k-$145k/yr OnsiteFull Time
Workato
Workato: Enterprise platform for automating business workflows and integrating applications.
8+ YOE8+ years in cybersecurity, audits, risk management, or compliance; hands-on FedRAMP experience; cloud security controls; strong communication; eligibility for federal programs.
AWS GovCloud, Azure Government, Google Cloud, NIST 800-53, FedRAMP, PCI-DSS, SOC 2, ISO 27001, 27701
4d
Save
Mark Applied
Hide
Information Security GRC Analyst 4
San Jose or Seattle or Lehi or New York City
$113k-$229k/yr OnsiteFull Time
Adobe
AdobeNASDAQ: ADBE: Provides software for digital media creation and marketing analytics
5+ YOE5+ years GRC/InfoSec experience, knowledge of SOC/ISO/HIPAA/FedRAMP/NIST frameworks, program and audit leadership, strong communication and analytical skills.
AWS, Azure, GCP, Adobe Common Controls Framework (CCF)
2mo
Save
Mark Applied
Hide
Senior Governance, Risk, Compliance (GRC) Analyst
San Francisco, California, United States
$162k-$202k/yr OnsiteFull Time
Headway
Headway: A healthtech accelerating access to mental healthcare
5+ YOE5+ years in GRC/compliance/security risk; knowledge of HITRUST/SOC 2/PCI-DSS/HIPAA; experience with GRC platforms; strong communication; ability to build repeatable processes; interest in AI-enabled security workflows; healthcare/healthtech HIPAA understanding a plus
HITRUST, SOC 2, PCI-DSS, HIPAA, GRC platform (e.g., Vanta, Drata, OneTrust)
1mo
Save
Mark Applied
Hide
Governance, Risk & Compliance (GRC) Analyst
San Francisco, California, United States
$125k-$150k/yr OnsiteFull Time
Ivo
Ivo: AI-powered contract review and intelligence platform for legal teams.
3+ YOE3–5 years GRC/InfoSec/IT audit experience; hands-on SOC 2 Type II, ISO 27001, CSA STAR, ISO/IEC 42001; experience with Vanta, audits, evidence management, risk assessments, policy maintenance, and strong communication skills.
Vanta, GCP, AWS, Azure
1mo
Save
Mark Applied
Hide
Principal Cybersecurity Compliance Analyst
Roseville or Sacramento or Oakland
$150k-$200k/yr HybridFull Time
GFT (Gannett Fleming)
GFT (Gannett Fleming): Provides infrastructure engineering, design, and construction management services.
10+ YOEBachelor's degree, 10+ years in power utility GRC/cybersecurity/OT, deep knowledge of NERC CIP and FERC, experience with audits and compliance documentation, and certification such as CISSP/CISM/RIMS-CRMP required.
GRC, FERC, NERC CIP, SCADA/ICS, NIST CSF, NIST SP 800-53, ISO 27001
1mo
Save
Mark Applied
Hide
Senior Technical PCI Analyst (Hybrid - Seattle)
Seattle or Los Angeles or San Francisco
$166k-$258k/yr HybridFull Time
Nordstrom
Nordstrom: Operates luxury department stores and off-price retail outlets.
6+ YOE6+ years hands-on PCI DSS experience (3+ years owning a PCI program), deep PCI DSS v4.0 knowledge, cloud (AWS/Azure/GCP) scoping experience, hands-on control testing and QSA coordination, GRC platform experience, bachelor’s degree or equivalent.
PCI DSS v4.0, ServiceNow, Archer, Drata, Vanta, AWS, Azure, GCP, GRC platform
2w
Save
Mark Applied
Hide
Senior Analyst, IT Internal Controls & SOX Compliance
San Francisco or Salt Lake City or Phoenix or Los Angeles or Chicago or Boston or Austin or New York City or Miami or Tampa or Atlanta or Columbus or Boise or San Diego or Minneapolis or Houston or Raleigh or Nashville or Kansas City or Charlotte or Portland or Philadelphia or Dallas or Washington D.C. or Seattle
$113k-$148k/yr RemoteFull Time
Circle
CircleNYSE: CRCL: Digital currency issuer and blockchain financial infrastructure provider.
4+ YOE4+ years Big 4 IT audit/controls experience, Bachelor's in related field, CPA/CISA/CIA/CISSP required; strong SOX/ITGC knowledge, cloud/SaaS/SDLC/IAM experience, ERP/GRC familiarity, and stakeholder communication skills.
Slack, Apple MacOS, Google Workspace, ERP, GRC, AI
20h
Save
Mark Applied
Hide
SENIOR RISK ASSESSMENT ANALYST
Oakland, California, United States
$160k-$184k/yr RemoteFull Time
University of California, Davis
University of California, Davis: A public research university providing higher education and healthcare.
8+ YOE8+ years of relevant experience overseeing enterprise cyber risk assessments; knowledge of NIST, ISO, HIPAA, PCI-DSS; GRC platform familiarity; strong communication, presentation, and project management skills.
ServiceNow, Archer
1w
Save
Mark Applied
Hide
Governance, Risk & Compliance Analyst
San Francisco, California, United States
$200k-$220k/yr OnsiteFull Time
Perplexity
Perplexity: AI-powered search engine providing conversational answers with citations.
6+ YOE6+ years leading audit and compliance engagements; experience with SOC2/ISO27001/HIPAA, GDPR/CCPA/CPRA; building GRC tooling and automation; strong communication and cross-functional collaboration skills.
3d
Save
Mark Applied
Hide
Senior Risk and Compliance Analyst
Brisbane, California, United States
$145k-$160k/yr OnsiteFull Time
Mytra
Mytra: Develops autonomous robotics for warehouse material flow automation.
Experience in security, compliance, GRC, audit readiness, vendor and customer security reviews; organized, strong written communication, and ability to manage audit evidence and policies.
Vanta GRC
2w
Save
Mark Applied
Hide
Senior Security Analyst, Customer Assurance
New York City or Seattle or Raleigh or San Francisco or Washington or London or Amsterdam
$134k-$214k/yr HybridFull Time
Plaid
Plaid: Provides financial data connectivity and payment infrastructure via APIs.
6+ YOE6+ years in security assurance/GRC with ownership of customer-facing security workflows; experience reviewing security contract provisions; familiarity with SOC 2, ISO 27001, NIST frameworks, PCI, GLBA, GDPR/CCPA; program design, metrics ownership, and AI-assisted workflow experience.
SOC 2, ISO 27001, NIST CSF, PCI DSS, GLBA, GDPR, CCPA, NIST 800-53
2w
Save
Mark Applied
Hide
Senior Compliance and Risk Analyst
United States or San Francisco or San Jose or New York City or Chicago or Austin or Denver or Boston or Washington or Philadelphia or Portland or Seattle or Miami or California or Alaska or Delaware or Hawaii or Idaho or Iowa or Montana or Nebraska or North Dakota or Rhode Island or South Dakota or West Virginia
$165k-$233k/yr RemoteFull Time
Calendly
Calendly: Scheduling automation platform for managing meetings and appointments.
5+ YOE5+ years in compliance/GRC in a technology/SaaS environment; SOC 2 and ISO 27001 experience; knowledge of NIST, GDPR, HIPAA; experience with compliance automation platforms and UARs; strong project management and communication.
SOC 2, ISO 27001, NIST, GDPR, HIPAA, Drata, Vanta, Tugboat Logic, PCI DSS, FedRAMP
1w
Save
Mark Applied
Hide
Compliance Analyst, Enterprise Compliance Office
Menlo Park, California, United States
$144k-$200k/yr HybridFull Time
Moloco
Moloco: AI-powered programmatic advertising and commerce media platform.
6+ YOE6+ years in compliance/legal operations/risk/audit or related fields; bachelor’s degree in a related field; experience with compliance programs, evidence coordination, documentation, analytics, and cross-functional collaboration.
Jira, Confluence, GRC platforms, Claude, Co-work, Microsoft Excel, Sheets, SQL, BI dashboards
2w
Save
Mark Applied
Hide
Governance, Risk, Compliance & Trust Analyst
Oakland, California, United States
$140k-$178k/yr HybridFull Time
Everlaw
Everlaw: Provides a cloud-based litigation platform for legal teams.
5+ YOE5+ years GRC experience; strong knowledge of FedRAMP, SOC 2, ISO frameworks; audit readiness, vendor reviews, customer security questionnaires, trust portals, and producing clear, audit-ready deliverables.
FedRAMP, SOC 2, ISO 27001, ISO 27017, ISO 27018, Covey, Covey Scout, Modern Health
3w
Save
Mark Applied
Hide
Governance, Risk, and Compliance Analyst
San Francisco or New York City or United States
$150k-$180k/yr HybridFull Time
You.com
You.com: AI-powered search engine and enterprise productivity platform.
3+ YOE3+ years GRC/infosec compliance experience; hands-on SOC 2 or ISO 27001 auditing; vendor risk assessments; familiarity with GDPR, CCPA, AI regulatory landscape; strong written/verbal communication and organization.
SOC 2, ISO 27001, GDPR, CCPA, HIPAA, FedRAMP, EU AI Act, AI, LLM, E-Verify, DDQ, VSQ
2w
Save
Mark Applied
Hide
Cyber and Technology Risk Analyst - Lead Consultant
Illinois or San Francisco or Los Angeles or Indiana
$91k-$154k/yr HybridFull Time
Allstate
AllstateNYSE: ALL: Provides insurance products for vehicles, homes, and businesses.
4+ YOEMinimum 4 years in cyber/technology risk management; expertise with MITRE ATT&CK, threat modeling, cloud and infrastructure, risk assessments, strong analytical and communication skills; relevant security certs preferred.
MITRE ATT&CK Framework, GRC Platform, Identity Access Management (IAM)