[Remote] Sr. GRC Analyst
Note: This is a remote job, open to candidates in the USA.

QED Investors is a FinTech company dedicated to enhancing the financial well-being of its customers. They are looking for a detail-oriented Sr. GRC Analyst to support and advance their Governance, Risk, and Compliance program by leveraging automation tools and technical skills to optimize compliance workflows and identify security gaps.

Responsibilities
- Automated Compliance Monitoring: Review, audit, and monitor security compliance programs against frameworks like PCI-DSS, NIST CSFv2, and SOC 1/2, leveraging automation tools to continuously assess control health
- Process Optimization & AI Integration: Identify opportunities to leverage AI tools and LLMs to accelerate risk assessments, summarize complex regulatory requirements, and streamline process improvements
- Code-Assisted Evidence Collection: Lead and automate evidence collection for external audits (SOC 1, PCI Level 1), reducing manual overhead for engineering and product teams
- Identity & Access Management (IAM): Oversee user access management and quarterly user access reviews, exploring ways to automate provisioning audits and detect anomalies
- Cross-Functional Collaboration: Build and cultivate positive working relationships with engineering, DevOps, and product stakeholders to bake compliance directly into the CI/CD pipeline and cloud infrastructure

Skills
- B.S. degree in Computer Science, Information Systems, Cyber Security, or a related technical field
- 5–7 years of GRC or Security Engineering experience, ideally within a SaaS, FinTech, or Cloud-native company
- Solid understanding of Cloud Security compliance (AWS/Azure/GCP)
- Hands-on working experience with the command line and scripting languages (Python, Bash, PowerShell, etc.) to parse logs, query APIs, and automate repetitive GRC tasks
- Familiarity with utilizing AI productivity tools, prompt engineering, or LLMs to optimize documentation, drafting, or data analysis
- Experience with security standards/frameworks such as PCI-DSS, NIST (800-53/CSF), and SOC 1/2 Type II
- Strong ability to clearly articulate technical risk to non-technical stakeholders and strategically collaborate cross-functionally
- CISSP, CISA, CISM, CCSP, or similar security certifications are a plus

Benefits
- A 401(k) with a 5% company match to help you build long-term financial security
- Flexible time off and paid parental leave
- An annual wellness allowance
- Comprehensive health coverage
- Udemy access
- Childcare assistance
- Pet insurance
- A bevy of additional savings through Beneplace

Company Overview
QED Investors is an investment firm that supports high-growth companies and businesses. It was founded in 2007 and is headquartered in Alexandria, Virginia, USA, with a workforce of 11-50 employees. Its website is http://www.qedinvestors.com.

Company H1B Sponsorship
QED Investors has a track record of offering H1B sponsorships, with 1 in 2021. Please note that this does not guarantee sponsorship for this specific role.