Senior GRC Analyst

Introduction to Demandbase

At Demandbase, we empower B2B companies to achieve their revenue goals faster and more efficiently—using fewer resources. How? By harnessing the power of AI to pinpoint and engage the accounts and buying groups most ready to buy. Our cutting-edge account-based technology aligns sales and marketing teams with crystal-clear insights and seamless automation, driving smarter actions across systems and channels. The result? Bigger wins, faster deals, and scalable ABM built for the way you work."

As a company, we prioritize both the advancement of careers and the development of world-class technology. We invest heavily in people, our culture, and the communities around us. We have offices strategically located in San Francisco, New York, and Austin in the US as well as London. Outside of these areas we offer a remote work option for some of our positions. Continuously lauded as a great place to work, we are Great Place to Work Certified, and have earned distinctions such as "Fortune's Best Workplaces in the Bay Area,"Best Workplaces in Technology," "Best Workplaces for Millennials," and "Best Workplaces for Parents"!

We're committed to attracting, developing, retaining, and promoting a diverse workforce. By ensuring that every Demandbase employee is able to bring a diversity of talents to work, we're increasingly capable of achieving our mission to transform the way B2B companies go to market. We encourage people from historically underrepresented backgrounds and all walks of life to apply. Come grow with us at Demandbase!

About the Role

As a Senior GRC Analyst, you will play a pivotal role in advancing Demandbase’s global Governance, Risk, and Compliance (GRC) program. Reporting to the Senior Director of GRC, you will partner across teams to strengthen our compliance framework, manage audits, perform risk assessments, and drive continuous improvement in our security and privacy posture.
You will help ensure ongoing alignment with global standards such as ISO 27001, ISO 27701, ISO 42001, and SOC 2, while contributing to the maturity of our enterprise risk and compliance operations. This is an opportunity to make a significant impact on a growing, global security program and advance your expertise in governance, risk, compliance, and AI assurance.

What you’ll be doing

Governance, Risk & Compliance Execution

• Perform walkthroughs, control testing, and evidence collection across IT systems, applications, and infrastructure to support internal and external security audits.
• Conduct and assist in risk assessments, identifying and tracking remediation efforts to resolution.
• Support audits and assessments by coordinating with internal stakeholders and external auditors, ensuring timely and complete corrective actions.
• Maintain documentation and dashboards within GRC tools (e.g., MetricStream, Hyperproof, Vanta) to monitor compliance posture and progress.

Frameworks & Program Development

• Contribute to maintaining and improving compliance programs in alignment with ISO 27001, ISO 27701, ISO 42001, SOC 2, and other relevant standards (NIST CSF, NIST 800-53, RMF).
• Collaborate with technical and business teams to translate regulatory and control requirements into practical implementation steps.
• Support operationalization of Business Continuity, Disaster Recovery, and Incident Response processes and exercises.
• Contribute to the design and governance of emerging compliance domains, including AI Governance, Third-Party Risk Management, and Security Reviews.

Culture, Communication & Continuous Improvement

• Promote security and privacy awareness across the organization through training, education, and engagement initiatives.
• Review and refine customer- and public-facing communications related to privacy, compliance, and security.
• Identify opportunities to improve the data lifecycle (inventory, governance, retention, and protection).
• Partner with cross-functional teams to enhance operational resilience and embed compliance best practices into daily workflows.

Qualifications

• 5+ years of experience in Information Security, GRC, ERM, compliance, audit, or internal controls, preferably in a cloud-based technology company.
• Strong understanding of IT and cloud security controls, including Information Security, Business Continuity, Disaster Recovery, Vendor Management, and SDLC processes.
• Familiarity with global frameworks and standards (ISO 27001, ISO 27701, ISO 42001, SOC 2, NIST CSF, NIST 800-53, RMF).
• Proven ability to work across business and technical domains, translating complex control requirements into actionable solutions.
• Excellent communication, organization, and stakeholder management skills.
• Experience managing GRC platforms and compliance dashboards (e.g., MetricStream, Hyperproof, Vanta).
• Strong project management background with experience coordinating complex, cross-functional initiatives.
• Flexible and self-driven, able to thrive in a dynamic, fast-paced environment.
• Bachelor’s or Master’s degree in Computer Science, Information Systems, Engineering, or a related field.

Our Commitment to Diversity, Equity, and Inclusion at Demandbase

At Demandbase, we believe in creating a workplace culture that values and celebrates diversity in all its forms. We recognize that everyone brings unique experiences, perspectives, and identities to the table, and we are committed to building a community where everyone feels valued, respected, and supported. Discrimination of any kind is not tolerated, and we strive to ensure that every individual has an equal opportunity to succeed and grow, regardless of their gender identity, sexual orientation, disability, race, ethnicity, background, marital status, genetic information, education level, veteran status, national origin, or any other protected status. We do not automatically disqualify applicants with criminal records and will consider each applicant on a case-by-case basis.

We recognize that not all candidates will have every skill or qualification listed in this job description. If you feel you have the level of experience to be successful in the role, we encourage you to apply!