20 grc analyst jobs at 19 companies in Berkeley, CA
1mo
Save
Mark Applied
Hide
1mo
GRC Analyst
San Francisco or New York City or Bangalore or United States or Europe
$130k-$175k/yrHybridFull Time
Mesh: Connecting digital wallets and exchanges for unified cryptocurrency payments.
3+ YOE3+ years hands-on GRC experience; familiarity with SOC 2, NIST, MiCA, Money Transmitter Licenses; BC/DR program experience; vendor risk assessments; control testing and remediation; strong communication and operationalization skills.
DoorDashNASDAQ: DASH: On-demand delivery platform connecting consumers with local merchants.
6+ YOE6+ years in security compliance/GRC with 3+ years implementing HIPAA programs in technology or regulated environments; strong HIPAA Security Rule knowledge, multi-framework experience, technical fluency with cloud/IAM/CI/CD, and stakeholder communication skills.
RobloxNYSE: RBLX: Platform for creating and playing user-generated 3D digital experiences.
4+ YOE4+ years GRC experience, risk assessment and policy development, ability to work with engineers, knowledge of compliance frameworks and security controls.
Factor Analysis of Information Risk (FAIR), Roblox Studio
Workato: Enterprise platform for automating business workflows and integrating applications.
8+ YOE8+ years in cybersecurity, audits, risk management, or compliance; hands-on FedRAMP experience; cloud security controls; strong communication; eligibility for federal programs.
AWS GovCloud, Azure Government, Google Cloud, NIST 800-53, FedRAMP, PCI-DSS, SOC 2, ISO 27001, 27701
AdobeNASDAQ: ADBE: Provides software for digital media creation and marketing analytics
5+ YOE5+ years GRC/InfoSec experience, knowledge of SOC/ISO/HIPAA/FedRAMP/NIST frameworks, program and audit leadership, strong communication and analytical skills.
AWS, Azure, GCP, Adobe Common Controls Framework (CCF)
Headway: A healthtech accelerating access to mental healthcare
5+ YOE5+ years in GRC/compliance/security risk; knowledge of HITRUST/SOC 2/PCI-DSS/HIPAA; experience with GRC platforms; strong communication; ability to build repeatable processes; interest in AI-enabled security workflows; healthcare/healthtech HIPAA understanding a plus
Ivo: AI-powered contract review and intelligence platform for legal teams.
3+ YOE3–5 years GRC/InfoSec/IT audit experience; hands-on SOC 2 Type II, ISO 27001, CSA STAR, ISO/IEC 42001; experience with Vanta, audits, evidence management, risk assessments, policy maintenance, and strong communication skills.
GFT (Gannett Fleming): Provides infrastructure engineering, design, and construction management services.
10+ YOEBachelor's degree, 10+ years in power utility GRC/cybersecurity/OT, deep knowledge of NERC CIP and FERC, experience with audits and compliance documentation, and certification such as CISSP/CISM/RIMS-CRMP required.
Nordstrom: Operates luxury department stores and off-price retail outlets.
6+ YOE6+ years hands-on PCI DSS experience (3+ years owning a PCI program), deep PCI DSS v4.0 knowledge, cloud (AWS/Azure/GCP) scoping experience, hands-on control testing and QSA coordination, GRC platform experience, bachelor’s degree or equivalent.
Senior Analyst, IT Internal Controls & SOX Compliance
San Francisco or Salt Lake City or Phoenix or Los Angeles or Chicago or Boston or Austin or New York City or Miami or Tampa or Atlanta or Columbus or Boise or San Diego or Minneapolis or Houston or Raleigh or Nashville or Kansas City or Charlotte or Portland or Philadelphia or Dallas or Washington D.C. or Seattle
$113k-$148k/yrRemoteFull Time
CircleNYSE: CRCL: Digital currency issuer and blockchain financial infrastructure provider.
4+ YOE4+ years Big 4 IT audit/controls experience, Bachelor's in related field, CPA/CISA/CIA/CISSP required; strong SOX/ITGC knowledge, cloud/SaaS/SDLC/IAM experience, ERP/GRC familiarity, and stakeholder communication skills.
Slack, Apple MacOS, Google Workspace, ERP, GRC, AI
Perplexity: AI-powered search engine providing conversational answers with citations.
6+ YOE6+ years leading audit and compliance engagements; experience with SOC2/ISO27001/HIPAA, GDPR/CCPA/CPRA; building GRC tooling and automation; strong communication and cross-functional collaboration skills.
Mytra: Develops autonomous robotics for warehouse material flow automation.
Experience in security, compliance, GRC, audit readiness, vendor and customer security reviews; organized, strong written communication, and ability to manage audit evidence and policies.
New York City or Seattle or Raleigh or San Francisco or Washington or London or Amsterdam
$134k-$214k/yrHybridFull Time
Plaid: Provides financial data connectivity and payment infrastructure via APIs.
6+ YOE6+ years in security assurance/GRC with ownership of customer-facing security workflows; experience reviewing security contract provisions; familiarity with SOC 2, ISO 27001, NIST frameworks, PCI, GLBA, GDPR/CCPA; program design, metrics ownership, and AI-assisted workflow experience.
United States or San Francisco or San Jose or New York City or Chicago or Austin or Denver or Boston or Washington or Philadelphia or Portland or Seattle or Miami or California or Alaska or Delaware or Hawaii or Idaho or Iowa or Montana or Nebraska or North Dakota or Rhode Island or South Dakota or West Virginia
$165k-$233k/yrRemoteFull Time
Calendly: Scheduling automation platform for managing meetings and appointments.
5+ YOE5+ years in compliance/GRC in a technology/SaaS environment; SOC 2 and ISO 27001 experience; knowledge of NIST, GDPR, HIPAA; experience with compliance automation platforms and UARs; strong project management and communication.
Moloco: AI-powered programmatic advertising and commerce media platform.
6+ YOE6+ years in compliance/legal operations/risk/audit or related fields; bachelor’s degree in a related field; experience with compliance programs, evidence coordination, documentation, analytics, and cross-functional collaboration.
Jira, Confluence, GRC platforms, Claude, Co-work, Microsoft Excel, Sheets, SQL, BI dashboards
You.com: AI-powered search engine and enterprise productivity platform.
3+ YOE3+ years GRC/infosec compliance experience; hands-on SOC 2 or ISO 27001 auditing; vendor risk assessments; familiarity with GDPR, CCPA, AI regulatory landscape; strong written/verbal communication and organization.
SOC 2, ISO 27001, GDPR, CCPA, HIPAA, FedRAMP, EU AI Act, AI, LLM, E-Verify, DDQ, VSQ
Cyber and Technology Risk Analyst - Lead Consultant
Illinois or San Francisco or Los Angeles or Indiana
$91k-$154k/yrHybridFull Time
AllstateNYSE: ALL: Provides insurance products for vehicles, homes, and businesses.
4+ YOEMinimum 4 years in cyber/technology risk management; expertise with MITRE ATT&CK, threat modeling, cloud and infrastructure, risk assessments, strong analytical and communication skills; relevant security certs preferred.