Senior Governance, Risk & Compliance (GRC) Analyst

Location: Boston/Marlborough Hybrid (3 days) or Remote US

Role Overview

Nasuni is seeking a Senior GRC Analyst to strengthen and scale our governance, risk, and compliance programs across a fast-growing, AI-ready SaaS platform. This role owns critical audit, risk, and policy initiatives that directly impact customer trust, regulatory posture, and business scalability.

You’ll operate at the intersection of security, engineering, legal, and operations—ensuring our controls are effective, auditable, and continuously improving.

This role is ideal for someone who has led audit and risk programs end-to-end, not just supported them, and who is motivated to modernize GRC through automation and intelligent tooling.

Level & Scope Definition

• Owns execution and continuous improvement of core GRC programs
• Operates independently across multiple compliance frameworks
• Influences cross-functional stakeholders without direct authority
• Balances execution (audits, controls) with program optimization
• Contributes to scalable, automation-driven GRC operations

Responsibilities

Audit & Compliance

• Lead SOC 1, SOC 2, ISO 27001 audits end-to-end (planning → evidence → remediation)
• Partner with auditors and internal teams to ensure timely, accurate audit delivery
• Track and drive remediation of control gaps with accountable owners

Policy & Governance

• Own lifecycle of security policies, standards, and control documentation
• Align policies to evolving regulatory and business requirements
• Facilitate cross-functional policy reviews and approvals

Enterprise Risk Management

• Conduct enterprise risk assessments and maintain risk register
• Partner with business leaders to prioritize and mitigate risk
• Deliver risk insights and reporting to leadership for decision-making

Third-Party Risk Management

• Own vendor risk assessments, onboarding, and periodic reviews
• Build scalable due diligence and monitoring processes
• Partner with procurement and legal on vendor risk decisions

Security Awareness

• Lead security awareness and training programs (phishing, compliance training)
• Measure effectiveness and continuously improve engagement

GRC Operations & AI Enablement

• Manage GRC platforms (e.g., Vanta, Drata, OneTrust)
• Identify and implement automation opportunities in evidence collection, risk tracking, and reporting
• Leverage AI tools to improve control monitoring, audit readiness, and workflow efficiency

Qualifications

Must-Have

• 5–9 years in GRC, security compliance, or risk within SaaS/cloud environments
• Direct ownership of SOC 2 and/or ISO 27001 audits
• Experience managing control frameworks and audit evidence lifecycle
• Strong understanding of risk assessment methodologies
• Proven ability to drive remediation across cross-functional teams

Preferred

• Experience with third-party risk programs
• Familiarity with GRC tools (Vanta, Drata, LogicGate, OneTrust)
• Experience in high-growth SaaS or PE-backed environments

Ideal

• Certifications: CISA, CISM, CISSP, CRISC, ISO 27001 Lead
• Experience scaling GRC programs or implementing automation
• Exposure to HIPAA, GDPR, or NIST frameworks

Experience Guidelines

• 5–9 years total experience
• 2+ years directly owning audits or compliance programs
• Experience operating in environments with multiple concurrent audits

About Nasuni & Why Work Here (US Boston/Marlborough / Remote)

Nasuni is the unstructured data foundation for enterprise teams—and the AI that supports them. As a Vista-backed SaaS data infrastructure company, we help organizations manage, protect, and activate massive volumes of file data—transforming it into secure, AI-ready assets for innovation and growth.

Our unified File Data Platform eliminates infrastructure silos and enables global collaboration, resilience, and intelligent automation at scale.

At Nasuni, you’ll work at the intersection of cloud, security, and AI—solving complex challenges alongside a team that values ownership, innovation, and impact. Whether based remotely or in our Boston-area offices, you’ll contribute to a platform trusted by enterprises worldwide while growing your expertise in modern, AI-enabled data infrastructure.

Why work at Nasuni?   

 

As part of our commitment to your well-being, we are pleased to offer comprehensive benefits packages to employees across the US.  Benefits packages generally include:     

• Best in class employee onboarding and training 
• "Take What You Need” paid time off policy 
• Comprehensive health, dental and vision plans 
• Company-paid life and disability insurance 
• 401(k) and Roth IRA retirement plan 
• Generous employee referral bonuses 
• Flexible remote work policy 
• 10 Paid Holidays 
• Wide array of wellbeing offerings 
• Pre-tax savings accounts with company contributions 
• Great team culture and social activities 
• Collaborative workspaces 
• Free on-site fitness centers and stocked kitchens in select office locations 
• Professional development resources 

Compensation Transparency: 

In accordance with U.S. pay transparency laws, Nasuni is committed to providing visibility into compensation for all U.S.-based roles. Click HERE to view our compensation ranges by job grade. Actual compensation will be based on a variety of factors, including a candidate’s experience, skills, education, and work location.

To all recruitment agencies: Nasuni does not accept agency resumes. Please do not forward resumes to our job boards, Nasuni employees or any other company location. Nasuni is not responsible for any fees related to unsolicited resumes.

Nasuni is an equal opportunity employer. The equal employment opportunity policy at Nasuni protects employees and job applicants from discrimination on the bases of race, religion, color, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors. These protections extend to all management practices and decisions, including recruitment and hiring practices, appraisal systems, promotions, and training and career development programs.