
ShipHero

GRC & Privacy Analyst

Posted 2 Days Ago
Remote
Hiring Remotely in United States
Junior
The GRC & Privacy Analyst will manage compliance tools, support SOC 2 audits, handle vendor risk, and conduct compliance research.
The summary above was generated by AI

About ShipHero

ShipHero is a technology company that provides a leading Warehouse Management System (WMS) and outsourced fulfillment services to over 5,000 e-commerce brands. We are a globally remote company with a passion for building innovative solutions and supporting our customers' growth. Our team is agile, collaborative, and dedicated to excellence.

The Role

ShipHero is seeking a highly motivated and detail-oriented GRC & Privacy Analyst to join our Compliance team. Reporting directly to the Head of Compliance (DPO), you will be a key player in the day-to-day operations of our global security, privacy, and compliance programs.

This is a hands-on role for a proactive "self-starter" who is eager to learn and grow. You will gain invaluable mentorship and broad exposure to all facets of GRC in a modern, cloud-native tech environment. You will be responsible for managing critical compliance tools, supporting our SOC 2 audits, handling vendor risk management, and operationalizing our global data privacy program.

What You'll Do:

  • Privacy Operations: Manage and configure our data privacy platform (Osano) to ensure compliance with global regulations. This includes managing our consent management program, cookie categorization, and the operational response to Universal Opt-Out Mechanisms (UOOM) and Global Privacy Control (GPC).
  • Third-Party Risk Management (TPRM): Own the end-to-end vendor risk assessment process, from initial due diligence and security questionnaires to reviewing Data Processing Agreements (DPAs) and managing the vendor lifecycle.
  • GRC & Audit Support: Play a critical role in our compliance programs by managing our GRC platform (Drata). You will be responsible for collecting, reviewing, and organizing audit evidence, monitoring control effectiveness, and supporting our annual SOC 2 Type 2 audits.
  • Compliance Research & Documentation: Proactively research, summarize, and provide guidance on emerging data privacy regulations in the U.S. (state-level), Canada (PIPEDA, Law 25), and the EU/UK (GDPR).
  • Policy & Awareness: Assist in drafting, reviewing, and maintaining compliance policies, procedures, and internal documentation. You will also help support our security awareness training program (KnowBe4).

What You'll Bring (Qualifications):

  • Experience: 2-3 years of hands-on experience in a GRC, data privacy, compliance, or IT audit role.
  • Core Knowledge: A strong foundational understanding of U.S. Data Privacy Regulations (e.g., CCPA/CPRA, VCDPA, etc.) is required.
  • Global Familiarity: Working knowledge of GDPR and Canadian privacy laws (PIPEDA, Law 25).
  • The "Self-Starter" DNA: You must be a highly motivated, self-directed learner. You have the resilience to conduct independent research, the curiosity to learn new tools, and the professional judgment to know when to ask for help.
  • Technical Aptitude: You are "tool-savvy" and comfortable mastering new SaaS platforms. High proficiency in spreadsheets (Google Sheets / Excel) for tracking, analysis, and reporting is essential.
  • Communication: Flawless written and verbal communication skills in English.
  • Soft Skills: Exceptional organizational skills, high attention to detail, and the ability to manage multiple priorities in a fast-paced, remote environment.

Preferred Qualifications (Strong Pluses):

  • Direct, hands-on experience participating in one or more SOC 2 Type 2 audits.
  • Experience with a GRC automation platform (e.g., Drata, Vanta, Secureframe).
  • Experience with a data privacy management platform (e.g., Osano, OneTrust, TrustArc), especially for consent management (GPC/UOOM).
  • Experience working in a SaaS, cloud-native, or e-commerce technology company.
  • A strong interest in emerging technologies and regulations, such as AI governance.

Why ShipHero?

  • Direct Impact: As part of a lean and agile team, your work will have a direct and immediate impact on our compliance and security posture.
  • Growth & Mentorship: This is a unique opportunity to be mentored directly by the Head of Compliance/DPO and gain comprehensive experience across all GRC domains.
  • Work-Life Balance: We are a 100% remote company. We offer a flexible and autonomous work environment where you are trusted to manage your own time and deliver results.

Our Core Values:

  • Do the right thing - Our employees are held to the highest standards. We act with integrity and honesty, embrace accountability, and do what’s right, even when no one is watching.
  • Tenacity - We take a relentless approach in our business: We show up expecting to win every day, obsess about serving our clients and employees, and are driven by results.
  • Have Fun & Be Bold - We support work-life balance and have fun while being our bold and authentic selves.
  • Scrappiness - We do more with less. We are scrappy, determined, resourceful, and relentless in delivering results.

ShipHero would like to thank all applicants for their interest; however, only those selected for an interview will be contacted.

ShipHero is committed to a diverse and inclusive workplace. ShipHero is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, disability, age or any other characteristic protected by law. We are committed to providing employment accommodation in accordance with the law. If you require accommodations due to a disability at any stage of our hiring process, please notify our Human Resources Team.

Top Skills

Data Privacy Management Platforms (Osano)
Excel
Google Sheets
GRC Platforms (Drata)


