GRC Analyst 2

Full Time 1 month ago
Employment Information
That's why we're looking for a talented GRC Analyst 2 to join Procore's journey to revolutionize a historically under-served industry. As a GRC Analyst you'll be a key member of the Governance, Risk & Compliance team within our Security Team. You'll partner cross-functionally with our Platform, Applications, Infrastructure, Product Security, Product, Legal, and Internal Audit teams to develop and maintain compliance with existing control standards, as well as pursue new ones.
This position will report into the Manager of GRC and has the opportunity to be based in our Bangalore office (Hybrid) in India. We're looking for someone to join us immediately.
What you'll do:
  • Maintain a risk and control matrix for Product and Technology
  • Facilitate audits across various IT and Security compliance and industry standard frameworks, including managing evidence requests with control owners and regularly reporting on audit status.
  • Execute walkthroughs and testing of IT General Controls (Access, Change Management, Operations, Backup, etc.) across key systems (e.g., AWS, Okta, GitHub, Workday, NetSuite, etc.)
  • Perform periodic user access reviews, password policy checks, and change management validations
  • Maintain audit-ready documentation with a focus on completeness, accuracy, and timeliness.
  • Understand the control stack, including mitigating & finding ways to improve controls
  • Keep data in the GRC platform current and relevant
  • Work closely with Internal Audit, Legal, IT Compliance, and Product through day-to-day compliance operations
What we're looking for:
  • Bachelor's degree in Engineering, Information Systems, Business or related disciplines; Master's preferred
  • 3-5 years of total experience including 2+ years of experience in consulting at a Big 4 audit firm / 2+ years as a governance, risk & compliance specialist, preferably at an Enterprise / Late Stage SaaS Startup.
  • Strong collaboration skills
  • Ability to apply a risk-based approach to IT compliance
  • Demonstrated strong analytical thinking, documentation skills, attention to detail, stakeholder communication and ability to manage multiple projects and priorities.
  • Experience with GRC tools such as Drata and AuditBoard is preferred.
  • Understanding of Security and Compliance standards such as ISO 27001, SOC1/2, NIST CSF, NIS2, Cyber Essentials etc.
  • Industry Certifications such as ISO Lead Implementer, Lead Auditor, CISA, CRISC or pursuing similar preferred.