Juniper Square is hiring a Senior GRC Analyst

The Senior GRC Analyst will lead governance, risk, and compliance initiatives by maintaining certifications, managing customer trust, and ensuring effective risk frameworks. This role requires collaboration across teams to strengthen compliance and support organizational growth.

Responsibilities

• Maintain and onboard new and existing security compliance certifications such as SOC2 and ISO standards.
• Collaborate with cross-functional teams to collect control evidence and deliver timely reports to external auditors.
• Coordinate between internal teams and auditors to ensure efficient and seamless audit processes.
• Enhance audit workflows annually through automation and streamlining of controls.
• Continuously monitor and assess the effectiveness of compliance controls throughout the year.
• Act as the primary compliance subject matter expert across the organization.
• Evaluate business changes for potential impacts on compliance, including geographic expansion, tool changes, or new product lines.
• Keep the organization’s trust center updated with current security documentation and knowledge base materials.
• Assist sales teams in responding to customer inquiries about security and privacy.
• Review security and privacy addendums in customer contracts for compliance alignment.
• Support customer-led security and privacy audits with accurate documentation and responses.
• Partner with Sales and Solutions Engineering to educate teams on security and compliance posture.
• Create and maintain comprehensive security and privacy policies in collaboration with Legal, HR, IT, and Engineering.
• Update policies annually, incorporating stakeholder feedback and securing necessary approvals.
• Manage ongoing policy exceptions to ensure risks are properly evaluated and controlled.
• Design and implement role-specific security and privacy training programs with key business stakeholders.
• Oversee the rollout, escalation, and completion of all security and privacy training initiatives.
• Conduct regular phishing campaigns and integrate retraining into the process for improved awareness.
• Improve phishing reporting workflows and better align them with incident management procedures.
• Ensure the GRC function meets defined performance metrics and delivers measurable outcomes.
• Maintain monthly updates to business unit risk registers to address key risk areas.
• Collaborate on developing and guiding business units in implementing appropriately scoped risk remediation plans.
• Work with teams to onboard new business units into the organization’s risk management framework.
• Triage technical security requests related to vendor integrations and route them to the appropriate teams.
• Perform security risk assessments and audits of third-party vendors to evaluate their security maturity, controls, and documentation.

Requirements

• Bachelor's degree in information systems, engineering, business, risk management, or a related field.
• Minimum of 5 years of experience in GRC, security, or audit roles, including direct experience managing SOC2 or ISO 27001 programs.
• Familiarity with GRC frameworks and regulatory requirements.
• Proven experience building scalable GRC processes.
• Ability to manage multiple GRC projects concurrently.
• Skill in collaborating with stakeholders to provide risk guidance without imposing rigid barriers.
• Strong communication and interpersonal abilities.

Tech Stack

SOC2, ISO 27001, GRC frameworks

Benefits

• Health, dental, and vision insurance coverage for employees and their families.
• Life insurance benefits.
• Mental wellness support and coverage.
• Support for fertility and family-building needs.
• Flexible Time Off in addition to company-recognized holidays.
• Paid leave for family, medical, and bereavement situations.
• Retirement savings plans.
• Allowance to personalize remote work and technology setup.
• Annual stipend for professional development.

Compensation

The U.S. base salary range for this role is $135,000 to $190,000. Actual base salaries depend on experience, skills, location, and local minimum pay requirements. The position includes a base salary and a comprehensive benefits package.

Work Arrangement

hybrid — San Francisco, New York City, Mumbai, Bangalore, 27 U.S. states, 2 Canadian Provinces, India, Luxembourg, England — Employees can choose between fully remote work or working from physical offices. The company supports digital-first operations to enable effective collaboration across locations.

• Values-driven organization
• Digital-first operations
• Hybrid workplace strategy

Additional Information

• This role supports a digital-first hybrid workplace model.
• The company operates across multiple global locations.