Compyl Logo

Compyl

Senior GRC Analyst

Posted An Hour Ago
Be an Early Applicant
Remote
Hiring Remotely in USA
115K-145K Annually
Senior level
Remote
Hiring Remotely in USA
115K-145K Annually
Senior level
Serve as a hands-on GRC advisor for customers: guide risk assessments, audits (SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST), risk registers, policy and control rollouts; resolve complex GRC questions; create scalable guidance and partner with Support and Customer Success to own escalations and improve the platform.
The summary above was generated by AI
Senior GRC Analyst

Location: Remote

About Compyl

Compyl is a high-growth, venture-backed GRC and automated security compliance platform built by security practitioners for security practitioners. Founded in 2020 by two former CISO's, we replace the spreadsheets, point tools, and consulting engagements security teams have relied on with a single, all-in-one platform that automates evidence collection, control mapping, audit preparation, and continuous monitoring. We're backed by Venture Guides, Contour Venture Partners, and Armory Square Ventures.

The Role

Our customers don't just need a platform that tracks their GRC program. They need a trusted voice who can help them think through it. As a Senior GRC Analyst, you'll be the person customers turn to when a risk assessment gets complicated, an audit raises an unexpected question, or a policy needs to be adapted to their specific environment.

This role goes beyond process execution and platform support. You'll bring real GRC judgment to every customer interaction, recognizing when a question is more complex than it looks, and guiding customers through it with the confidence of someone who has actually done this work before.

What You'll Do
  • Serve as a hands-on GRC advisor for a portfolio of customers, guiding them through risk assessments, risk registers, audit preparation, and control rollouts.

  • Help customers prepare for and navigate audits (SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST, and similar frameworks), translating requirements into practical next steps.

  • Advise on policy development and control design tailored to each customer's risk profile and maturity level — not just “what the framework says,” but what actually makes sense for them.

  • Spot GRC complexity early — recognizing when a customer's question touches on risk, compliance, or audit nuance that needs more than a standard playbook answer.

  • Partner closely with Support and Customer Success to own the escalations that require real GRC expertise, not just product knowledge.

  • Turn recurring customer questions into scalable guidance — playbooks, internal knowledge base content, and best-practice frameworks the whole team can use.

  • Act as the voice of the customer internally, flagging where our platform could better support real-world GRC workflows.

What We're Looking For
  • 5+ years of experience as a GRC analyst, consultant, or coordinator — in-house, at a consulting firm, or in a similar capacity.

  • Direct, hands-on experience with audits, risk assessments and risk registers, and policy rollouts — you've been in the room, not just read about it.

  • Working familiarity with common frameworks (SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST, or similar) — deep specialization isn't required, but you should be able to orient quickly in any of them.

  • An instinct for GRC complexity: you can tell when something is more nuanced than it first appears, and you know how to break it down for someone who's stuck.

  • Strong consultative communication skills — you can explain a compliance concept to a nontechnical stakeholder without losing the substance.

  • A genuine interest in helping customers solve problems, not just closing tickets.

Nice to Have
  • Certifications such as CISA, CRISC, CGRC, or ISO 27001 Lead Implementer/Auditor.

  • Experience working directly with a GRC software platform (as a practitioner, implementer, or vendor-side consultant).

  • Exposure to multiple industries or company sizes, giving you a broader sense of how GRC programs vary in practice.


COMPENSATION & BENEFITS

Competitive salary and meaningful equity participation at a Series A inflection point. Comprehensive paid benefits, including health insurance, 401(k), and generous leave policies.

 
WHY COMPYL

Category-defining market: GRC and automated compliance is one of the fastest-growing segments in enterprise software. The tailwinds are structural, not cyclical.

Real product, real traction: Healthy customer growth, a platform built by practitioners who understand the buyer.

Series A momentum: Backed by Venture Guides, Contour Venture Partners, and Armory Square Ventures, with the capital and conviction to scale aggressively.

Autonomy, no bureaucracy: No micromanagement. You're trusted as the expert and given room to build the function your way.

Meaningful equity: Significant equity participation at a valuation inflection point.

 
EQUAL OPPORTUNITY

Compyl is an equal opportunity employer and does not discriminate on the basis of race, color, religion, national origin, ethnicity, sex (including gender identity, pregnancy, and sexual orientation), age, disability, veteran status, marital status, or any legally protected status under federal, state, or local law.

Applicants with disabilities may be entitled to reasonable accommodation under the Americans with Disabilities Act (ADA) or applicable state/local laws. To request accommodation during the application process, please contact Jaymes Nowicki, Head of Talent Acquisition.

Similar Jobs

Yesterday
Remote
GA, USA
Senior level
Senior level
Greentech • Other
Lead and maintain GRC program activities including risk assessments, control evaluation, remediation tracking, audit and certification coordination (ISO, CMMC, NYDFS), evidence collection, vendor/third-party risk support, and reporting compliance metrics to leadership.
Top Skills: CmmcExcelGrc PlatformsIso 27001Iso 27002Iso 27005Microsoft 365Ms TeamsNis2NistNydfsPowerPointSoc 2
3 Days Ago
In-Office or Remote
106K-222K Annually
Senior level
106K-222K Annually
Senior level
Events • Analytics • Consulting
Conduct research and deliver strategic advice on risk management and cyber risk quantification. Develop and maintain risk artifacts (standards, procedures, appetite, registry), produce 6–8 research projects yearly, consult with clients, collaborate across Forrester teams, advise vendors, publish insights, and present externally. Support C-suite and risk leaders and travel up to 20%.
Top Skills: Grc Platforms
4 Days Ago
Remote
USA
90K-130K Annually
Senior level
90K-130K Annually
Senior level
Healthtech
Lead and mature the organization's GRC program by maintaining risk registers and control frameworks, driving compliance monitoring, coordinating third-party/vendor risk assessments, applying risk scoring and maturity tracking, managing GRC artifacts (Excel/SharePoint), translating findings for executives, and partnering with stakeholders to implement security policy and process improvements in a regulated healthcare environment.
Top Skills: ExcelGrcHipaa/HitechNist Csf 2.0Sharepoint

What you need to know about the Colorado Tech Scene

With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.

Key Facts About Colorado Tech

  • Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
  • Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
  • Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
  • Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
  • Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account