GRC Analyst

The Role

At Doppel, we focus on building a culture where people feel respected, supported, and trusted to do meaningful work. We value clarity, collaboration, and solving real problems for our customers and teammates.

We are looking for a Governance, Risk & Compliance (GRC) Analyst to lead our certification and assurance programs—owning SOC 2 end‑to‑end and driving ISO 27001, ISO 27701, and ISO 42001 audit preparation and ongoing maintenance. You’ll be the program lead partnering with Security, Engineering, IT, Legal, and Sales to keep controls effective, risks managed, and customer trust high.

What You’ll Do

• Lead audits & certifications: Own preparation, execution, and ongoing maintenance for ISO 27001, ISO 27701, ISO 42001, and SOC 2, including gap analyses, remediation, evidence collection, auditor coordination, and management system documentation.
• Manage enterprise risk: Operate the security and enterprise risk program, maintain the risk register, perform system/vendor/AI risk assessments, and drive remediation and risk acceptance processes.
• Ensure control effectiveness: Design and execute control testing, track exceptions and corrective actions, and streamline compliance across frameworks (ISO, SOC 2, NIST, GDPR/CPRA, PCI, HIPAA/HITRUST).
• Oversee access governance: Lead periodic access reviews, enforce least-privilege and joiner/mover/leaver controls, and monitor privileged account usage.
• Drive vendor & third-party risk management: Conduct due diligence, risk tiering, contract security/privacy requirements, and ongoing monitoring of critical suppliers and partners.
• Support customer trust: Own security and privacy questionnaires, RFP responses, and Trust Center content; engage with customers and sales teams to communicate our security posture.
• Advance governance & privacy: Maintain the policy lifecycle, role-based training, and privacy processes.

What We’re Looking For

• 5–7+ years in GRC, audit, or risk—at least 3+ years leading ISO 27001 certification/surveillance cycles and SOC 2 Type II audits; hands-on experience with ISO 27701 and ISO 42001 or equivalent AI governance programs.
• Proven ownership of SOC 2 programs (scope, controls, evidence, auditor management) and continuous compliance in cloud‑first environments (AWS/Azure/GCP, SaaS).
• Strong ability to communicate compliance jargon effectively across the business, tailoring complex requirements for technical, operational, and executive audiences.
• Strong command of management systems (ISMS/PIMS/AIMS), Trust Services Criteria, control testing, sampling, and evidence sufficiency.
• Practical experience running access certifications, vendor risk reviews, and customer security questionnaires/RFPs at scale.

Why Join Doppel

• $120,000 - $140,000 USD
• Meaningful equity so you share in Doppel’s success
• Remote first culture with flexibility built in
• Flexible PTO, comprehensive health benefits, parental leave, and more
• A high growth environment where your work has immediate impact and visibility