GRC Analyst – Security & Privacy Compliance

About the role

We are looking for a meticulous Security and Privacy Compliance Analyst to join Zone & Company Software Consulting LLC. Reporting to the Director of IT, Security and Compliance, you will help mature our governance, risk and compliance (GRC) programs and ensure our financial software meets the highest data protection standards.

Key responsibilities

• Lead and scale core security compliance frameworks, including SOC 2 Type II and ISO 27001.
• Govern global data‑privacy operations, maintaining alignment with GDPR, CCPA/CPRA and emerging regulations.
• Act as the primary security liaison for enterprise customers, supporting the sales cycle with clear security posture communication.
• Manage internal audit programs and oversee third‑party vendor risk lifecycle.
• Coordinate evidence collection and work with external auditors during annual assessments.
• Conduct Data Privacy Impact Assessments for new products and handle Data Subject Access Requests within SLA.
• Complete vendor security questionnaires and maintain an up‑to‑date trust center.

Required profile

• Strong foundational knowledge of major security frameworks and privacy regulations.
• Excellent attention to detail in auditing internal processes.
• Ability to communicate compliance findings clearly to technical and non‑technical audiences.

Required skills

• SOC 2 Type II
• ISO 27001
• GDPR
• CCPA/CPRA
• Data Privacy Impact Assessments (DPIA)
• Data Subject Access Requests (DSAR)