GRC Analyst

Fluidstack

$200K — $270K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in compliance focusing on frameworks like SOC 2, ISO 27001, NIST 800-53, or FedRAMP.
  • Experience operationalizing compliance controls through authentic audit processes.
  • Proven ability to maintain and update compliance documentation in line with organizational changes.
  • Strong background in managing auditor interactions and closing audit findings independently.
  • Ability to engage and get timely compliance input from various stakeholders across the organization.
  • Proficiency in monitoring compliance controls continuously, identifying gaps proactively.
  • Skilled at mapping compliance requirements across different frameworks efficiently.

Responsibilities

  • Oversee the full compliance program for SOC 2, ISO 27001, NIST 800-53, and FedRAMP.
  • Draft and maintain system policies and documentation, ensuring they evolve with the compliance program.
  • Conduct regular control operations, including access reviews and evidence collection, efficiently.
  • Facilitate audit cycles with external auditors, ensuring timely closure of findings.
  • Integrate new sites and teams into the compliance program seamlessly, ensuring consistent coverage.

Benefits

  • Competitive total compensation package including salary and equity.
  • Retirement or pension plan options available.
  • Health, dental, and vision insurance provided.
  • Generous paid time off (PTO) policy in line with local standards.
Full Job Description
Role Scope
  • Run the day-to-day compliance program end to end across SOC 2 Type II, ISO 27001, NIST 800-53, and FedRAMP Moderate equivalency: continuous evidence collection, control monitoring, and audit readiness held on GRC platforms (Vanta) and the tooling we build in-house.
  • Own the policy and procedure set: draft, maintain, and run the review cycle so documentation keeps pace with the controls as the program grows.
  • Run recurring control operations on cadence, access reviews, control owner attestations, and evidence refreshes, chasing system owners and employees across the org directly to get them done on time.
  • Drive audit and assessment cycles with external auditors and assessors and manage the POA&M to closure, tracking each finding to a named owner and milestone so nothing ages past its deadline.
  • Bring each new site and team into the compliance program as we scale, mapping their systems to existing controls so coverage stays consistent instead of fragmenting facility by facility.

What We're Looking For

The below is a starting point. We always make space for exceptional people, so if you don't fit this role exactly, tell us where you would.
  • You've operated controls and pulled evidence against at least one major framework (SOC 2, ISO 27001, NIST 800-53, or FedRAMP) through a real audit, not just read the policy.
  • You've owned a compliance documentation set, policies, procedures, and control narratives, and kept it current as the environment changed underneath you.
  • You've sat across from an auditor or assessor, defended how a control runs in practice, and closed findings without escalating every question upward.
  • You get evidence and adherence out of busy engineers, system owners, and employees across the org, on time, without a manager pushing you to do it.
  • You catch a stale control, an expired access grant, or a coverage gap before an assessor does, because you watch the portfolio continuously, not once a quarter.
  • You translate a control requirement into the exact artifact that proves it, and you keep that mapping tight across overlapping frameworks instead of collecting the same evidence twice.
  • Bonus: FedRAMP Moderate equivalency or NIST 800-53 evidence work. GRC platforms (Vanta) or comparable continuous-compliance tooling. Cloud, GPU, or data center environments. Mapping controls across SOC 2, ISO 27001, and NIST in parallel.
Salary & Benefits
  • Competitive total compensation package (salary + equity).
  • Retirement or pension plan, in line with local norms.
  • Health, dental, and vision insurance.
  • Generous PTO policy, in line with local norms.

The base salary range for this position is $200,000 - $270,000 per year, depending on experience, skills, qualifications, and location. This range represents our good faith estimate of the compensation for this role at the time of posting. Total compensation may also include equity in the form of stock options.

We are committed to pay equity and transparency.

You will receive a confirmation email once your application has successfully been accepted. If there is an error with your submission and you did not receive a confirmation email, please email [redacted] with your resume/CV, the role you've applied for, and the date you submitted your application-- someone from our recruiting team will be in touch.

Similar Jobs

More Jobs at Fluidstack

More Information Technology Jobs

Find similar GRC Analyst jobs: