Sr Analyst, Governance Risk and Compliance

Introduction to Demandbase:

Demandbase is the only pipeline AI platform that empowers GTM teams to automate growth at scale. With a unified view of data, insights, actions, and outcomes, B2B enterprises can seamlessly align and execute their account-based GTM strategies with confidence. Thousands of businesses trust Demandbase to maximize revenue, minimize waste, and consolidate their data and tech stacks – all in one platform.

As a company, we’re as committed to growing careers as we are to building world-class technology. We invest heavily in people, our culture, and the community around us. We have also continuously been recognized as One of The Best Places To Work in the San Francisco Bay Area by Fortune, and One of The 60 Best Companies To Sell For by Selling Power. Our offices are located in San Francisco, New York, Austin, Seattle, India, and the United Kingdom.

About the Role

As a Senior GRC Analyst, you will play a key role in advancing Demandbase’s global Governance, Risk, and Compliance (GRC) program. This role requires a balance of hands-on execution and independent judgment, ensuring that compliance requirements are not only met, but translated into meaningful risk management outcomes.

Reporting to the Senior Director of GRC, you will work cross-functionally to drive audit readiness, assess risk, and strengthen the company’s security and compliance posture. You will be expected to operate with a high degree of independence, taking ownership of work from initial assessment through final validation and closure.

This is an opportunity to contribute directly to a growing global security program and build deep expertise across governance, risk, compliance, and emerging domains such as AI assurance.

This is a fully remote position based in India. Some flexibility is required for calls during the U.S. business hours each week. Candidates should be able to accommodate 2–3 late evening calls per week (IST), typically between 6:30–10:00pm IST.

Roles & Responsibilities

Execution & Ownership

• Independently execute audit and compliance activities, including walkthroughs, control testing, and evidence review

• Drive audit findings and remediation efforts through to completion, ensuring issues are fully validated and appropriately closed

• Take ownership of deliverables and ensure they are complete, accurate, and ready for use without rework

• Identify gaps during execution and proactively drive resolution or escalate where needed

Risk Analysis & Decision Support

• Analyze risk and compliance data to identify trends, gaps, and areas of concern

• Translate findings into clear, prioritized actions that can inform business decisions

• Move beyond reporting to ensure outputs are actionable and tied directly to risk outcomes

• Provide input into risk posture and help guide where attention and resources should be focused

Framework Application & Practical Implementation

• Apply working knowledge of frameworks such as ISO 27001, ISO 27701, ISO 42001, SOC 2, and NIST to real-world scenarios

• Translate control requirements into practical implementation steps for technical and business teams

• Ensure controls are not only documented, but operationally effective and aligned to risk

Policy & Documentation Management

• Maintain and update policies and documentation with a focus on accuracy, clarity, and usability

• Perform end-to-end validation of documentation, including verifying links, references, and consistency

• Identify and clearly communicate gaps in documentation, even when ownership resides with another team

• Ensure documentation reflects current state and supports audit and compliance needs

Cross-Functional Collaboration

• Work with engineering, product, and business teams to drive compliance outcomes

• Communicate clearly with both technical and non-technical stakeholders

• Navigate ambiguity and move work forward by identifying next steps and removing blockers

• Balance collaboration with ownership of outcomes, not just coordination

Qualifications

• 4–8+ years of experience in Governance, Risk, Compliance, Security, or Audit roles

• Strong working knowledge of ISO, SOC 2, and/or NIST frameworks

• Experience supporting or executing audit and compliance activities

• Ability to evaluate evidence and determine whether it adequately addresses risk

• Strong analytical skills with the ability to move from data to insight to action

• Clear and confident communication skills across global teams

• Candidates should demonstrate prior experience independently owning and driving audit, risk, or compliance work to completion, including validating deliverables and determining next steps without relying on continuous direction

• Bachelor’s or Master’s degree in Computer Science, Information Systems, Information Security, or a related field

Preferred

• Experience in a SaaS or technology company

• Experience with GRC tools (Hyperproof, Vanta, MetricStream, etc.)

• Exposure to AI governance, third-party risk, or security reviews

• Relevant certifications such as CISA, CISM, CRISC, ISO 27001 Lead Auditor/Implementer, or equivalent are preferred, but not required.

Benefits

Our benefits include Group Medical, Personal Accident, and Term Life Insurance for comprehensive protection. Preventive healthcare covers dental, vision, and OPD needs, complemented by strong mental health support. We also provide a fitness benefit, car lease policy, and gratuity for long-term financial well-being.

Our Commitment to Diversity, Equity, and Inclusion at Demandbase

At Demandbase, we believe in creating a workplace culture that values and celebrates diversity in all its forms. We recognize that everyone brings unique experiences, perspectives, and identities to the table, and we are committed to building a community where everyone feels valued, respected, and supported. Discrimination of any kind is not tolerated, and we strive to ensure that every individual has an equal opportunity to succeed and grow, regardless of their gender identity, sexual orientation, disability, race, ethnicity, background, marital status, genetic information, education level, veteran status, national origin, or any other protected status. We do not automatically disqualify applicants with criminal records and will consider each applicant on a case-by-case basis.

We recognize that not all candidates will have every skill or qualification listed in this job description. If you feel you have the level of experience to be successful in the role, we encourage you to apply!

We acknowledge that true diversity and inclusion requires ongoing effort, and we are committed to doing the work required to make our workplace a safe and equitable space for all. Join us in building a community where we can learn from each other, celebrate our differences, and work together.

Unsolicited Submissions

At Demandbase, we value thoughtful partnerships and direct connections with candidates. We’re not accepting unsolicited resumes or outreach from third-party recruiting agencies. Any unsolicited submissions will not be reviewed, and no fees will be paid.