GRC Analyst

🔒 Confidential Employer
Posted 3 May 2026
Location: London
Type: Full-time
Level: Mid-Senior level
Category: Cyber Security
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

GRC, ISO 27001, SOC 2, Risk Management, AWS, Compliance Auditing, Policy Development, Cloud Security

FULL DESCRIPTION

GRC Analyst

[Employer hidden — view at passion-project.co.uk] is the world’s leading AI video platform for business, used by over 90% of the Fortune 100. Founded in 2017, the company is headquartered in London, with offices and teams across Europe and the US.

  • Location: Europe; London; UK Remote
  • Employment Type: Full time
  • Location Type: Remote
  • Department: Engineering - Security

The role

We are looking for a GRC Analyst to help us run and evolve our governance, risk, and compliance program in a way that is credible with technical teams and useful for the business.

We are not looking for a traditional “paper compliance” role. The ideal candidate has a strong technical foundation - whether from engineering, IT management, DevOps, SRE, or a similar hands-on background - and can bridge the gap between how systems are actually built and operated (GitHub, CI/CD, Kubernetes, cloud, observability) and what we need to demonstrate for audits, customers, and leadership.

You will work closely with Engineering, DevOps/Platform, Security, Legal, and customer-facing teams to keep us audit-ready, reduce risk in practical ways, and support the next wave of compliance efforts (for example ISO 22301, and longer-term options like HITRUST and FedRAMP).

You don’t need to be a compliance expert, but if you have a solid background in security, are eager to learn, and are ready to be bold and take ownership, this role offers a great opportunity to grow quickly and have a real impact in a hypergrowth AI unicorn.

What you'll be doing

  • GRC Program Ownership: Own and continuously improve our GRC program across ISO 27001, SOC 2, ISO 27701, and ISO 42001, including control mapping and evidence expectations. Partner with control owners to make compliance repeatable and low-friction. Drive audit readiness: artifacts, timelines, action tracking. Improve policies, standards, and procedures.
  • Technical-to-Compliance Translation: Build strong working relationships with DevOps/Platform and engineering teams. Evaluate technical implementations - branch protection, CI/CD, Kubernetes, cloud architecture, monitoring. Translate technical reality into clear audit narratives.
  • Risk Management: Contribute to risk identification and assessment across technical, operational, and vendor domains. Maintain risk registers and track mitigations. Support leadership reporting.
  • Growth into Future Certifications: Evaluate and prepare for ISO 22301, HITRUST, and FedRAMP. Identify gaps and propose pragmatic roadmaps.

We'd love to hear from you if you

  • Have a hands-on technical background (engineering, DevOps/SRE, IT management, or similar) and understand how cloud environments work, especially AWS.
  • Can follow technical conversations well beyond what a traditional auditor can.
  • Have experience supporting audit cycles and know what good evidence looks like.
  • Are organised, proactive, and can drive multiple workstreams independently.
  • Have technical aptitude: comfortable writing a simple script when needed, and experienced using AI and LLM tools.

Bonus points if you

  • Have direct experience with ISO 27001, SOC 2, ISO 42001, or ISO 27701, or have worked in ISO 22301, HITRUST, or FedRAMP environments.
  • Have used GRC tooling such as Vanta, Drata, or OneTrust.
  • Have built lightweight automation to reduce compliance toil.
  • Have worked in a fast-growing SaaS company and supported an external audit.

Why join us?

We’re living the golden age of AI. The next decade will yield the next iconic companies, and we dare to say we have what it takes to become one. At [Employer hidden] we’re passionate about building, not talking. We serve 50,000+ customers and 50% of the Fortune 500. We're trusted by leading brands and have proprietary AI technology. AI safety, ethics, and security are fundamental to our mission. People first. Always.

The hiring process

  • 30-40 minute call with our Technical Recruiter
  • 60-minute call with the Hiring Manager
  • Take-home assignment
  • 90-minute debrief with the Hiring Manager and Head of Security

Other important info

  • This is a remote role from the UK OR an EU country
  • This is full-time employment only - no contractors possible
  • You can view our benefits here