
Senior Governance, Risk And Compliance Analyst

Job Description
Where we work
Udemy is a global company headquartered in San Francisco, with additional U.S. offices in Denver and Austin, and international hubs in Australia, India, Ireland, Mexico, and Türkiye. This is an in-office position, requiring three days a week in the office (Tuesday, Wednesday, Thursday) and flexibility on Mondays and Fridays.
About your skills
Consulting: You see beyond the present problem and identify the fundamental 'why'. You are a creative thinker and co-design potential solutions with the stakeholders.
Influencing: You develop relationships effectively up, down, and across the organization and are able to strategically use these relationships to help move work forward. You scope solutions to "get to yes" and are capable of pushing back on disagreement if they will not provide the outcome needed for the team or the business.
Decision Making: You use critical thinking to follow a defined decision-making process and consider multiple perspectives. Upon making a decision, you are clear in your communication and ensure everyone is aligned in execution.
Coaching: You have strong coaching skills, allowing you to actively listen and ask the kinds of questions that help you diagnose and effectively address issues.
Preferred Qualifications:
Audit Experience: Experience with third-party audits or as an internal auditor, particularly within the technology sector.
Certifications: Relevant certifications such as CISA, CISSP, or equivalent are desirable.
About this role
The GRC Senior Analyst will be responsible for leading the GRC team in achieving and maintaining compliance with key third-party certifications. You will work closely with system and control owners across the organization to document, update, and maintain control language, policies, procedures, and other essential documentation. Your role will involve significant interaction with third-party auditors and internal stakeholders, requiring superior written and verbal communication skills. You will also interface with customers, requiring a professional and positive attitude, particularly under pressure.
What you'll be doing
Certification Support: Lead in the preparation, submission, and maintenance of key third-party certifications, including CMMC (Cybersecurity Maturity Model Certification) and assisting in SOC 2, ISO 27001, and other frameworks.
Documentation Management: Collaborate with system and control owners to document and update control language, policies, procedures, and other documentation required for certifications and audits.
Audit Lead: Serve as a primary point of contact during internal and external audits, effectively communicating with third-party auditors and ensuring audit requirements are met.
Cross-Functional Collaboration: Work closely with teams across the organization, including IT, security, and operations, to ensure all compliance-related activities are aligned with business goals and regulatory requirements.
Customer Interaction: Interface with customers to address compliance-related inquiries, providing clear and concise information with a professional demeanor.
Process Improvement: Continuously evaluate and improve GRC processes, ensuring they are efficient, scalable, and aligned with industry best practices.
Risk Management: Lead in identifying, assessing, and mitigating risks related to compliance, working with relevant stakeholders to implement necessary controls.
Compliance Monitoring: Maintain up-to-date knowledge of regulatory changes and ensure that the company's policies and procedures remain compliant.
What you'll have
Experience: 7+ years of experience in a GRC, compliance, or audit-related role, with a focus on CMMC, NIST, FedRAMP, or similar frameworks.
Communication Skills: Superior written and verbal communication skills, with the ability to interact professionally with auditors, customers, and internal teams.
Documentation Skills: Excellent attention to detail in documenting controls, policies, and procedures, with the ability to translate complex concepts into clear and actionable language.
Calm Under Pressure: Proven ability to remain calm, collected, and professional under pressure, particularly during audits and customer interactions.
Collaboration: Ability to work cross-functionally with various departments and teams to achieve compliance objectives.