GRC Analyst I or II

Business Innovation & Technology | Long Beach, United States


At Laserfiche, we create human-centered software that makes our world run smoother. If you are someone who wants to empower individuals and organizations to achieve more using technology, join Laserfiche! We are looking for an experienced GRC analyst for the corporate Governance, Risk and Compliance (GRC) function. The GRC Analyst will be responsible for IT internal audits, data privacy and regulatory compliance initiatives, vendor risk assessments, industry security certifications and other areas.

Eligible States for Remote Work: Arizona, Florida, Georgia, Hawaii, Maryland, Massachusetts, Minnesota, Nevada, Ohio, Oregon, Texas, Utah, Virginia, Washington, Washington DC, West Virginia and Wisconsin

What You'll Do:

  • Document, test and monitor IT and data privacy controls as part of an ongoing GRC program
  • Perform IT general computer controls (ITGC) and application security internal assessments to help ensure compliance with corporate information security and Laserfiche Cloud policies
  • Lead vendor risk management assessments with third party service providers and vendors
  • Collaborate with departments to provide written responses to RFPs and questionnaires on IT security, controls, data privacy and compliance areas
  • Perform privacy impact assessments and data protection impact assessments
  • Update BIAs and BCPs as part of a business continuity management program
  • Coordinate with ITS and Development on DRP updates and plan testing
  • Contribute to ongoing updates to security policies and security awareness training programs
  • Assist with projects as part of an ongoing regulatory compliance program

What We're Looking For:

  • Bachelor’s degree (BA) in MIS, IT audit, cybersecurity or related degree program is required
  • Minimum of 3-5 years of experience in IT audit, vendor risk management and security assessments
  • Experience with third-party attestations (e.g., SOC 2 Plus) and IT controls documentation
  • Experience with industry regulations (e.g., SOX, HIPAA), frameworks (e.g., ISO 27001, COBIT) and NIST standards (e.g., SP 800-53, SP 800-171)
  • Certification in IT audit, IT risk, privacy and/or security preferred (e.g., CISA, CISSP, CRISC, CISM)
  • Ability to organize and prioritize projects with minimal supervision
  • Strong written and verbal communication skills
  • Big Four consulting experience a plus

What We Offer:
  • Temporary or permanent workplace relocation in states where we have a business presence
  • Paid volunteer days to give back to the community
  • 15 days of paid time off (to start) + 4-day year-end closure + 3 additional 'me' days
  • 9 days of paid public holidays
  • Generous 401(k) employer match contribution
  • Professional development and career growth opportunities
  • Mentorship program participation to inspire the rising leaders of Laserfiche
  • Employee Resource Groups (ERG) and opportunities to contribute to our DEI initiatives
  • Employee Referral Program to gain extra cash

The salary range varies, and pay is based on several factors including but not limited to education, certifications (if applicable), candidate's geographic region, job-related knowledge, skills, and years of experience among other factors.

GRC Analyst I: $80,000 - $110,000
GRC Analyst II: $110,000 - $145,000

About Us:
Laserfiche is the leading SaaS provider of intelligent content management and business process automation. Customers in 5+ industries use Laserfiche's cloud-first development approach to boost productivity, scale their business and deliver digital-first customer experiences.

Laserfiche employees in offices around the world are committed to the company’s vision of empowering customers and inspiring people to reimagine how technology can transform lives.

Laserfiche complies with all Equal Opportunity and Affirmative Action regulations. Laserfiche makes all employment decisions – such as recruiting, hiring, training, promotion, compensation, professional development practices, discipline and termination – without regard to race, religion, color, national origin, ancestry, citizenship, sex, pregnancy, age, creed, physical or mental disability, medical condition, genetic characteristic, marital status, veteran status, gender identity/expression, sexual orientation or any other characteristic protected by law, except as may be permitted by law.