[Remote] Sr. GRC Analyst
Note: This is a remote role open to candidates in the USA. QED Investors is a FinTech company dedicated to enhancing the financial well-being of its customers. They are looking for a detail-oriented Sr. GRC Analyst to support and advance their Governance, Risk, and Compliance program by leveraging automation tools and technical skills to optimize compliance workflows and identify security gaps.
Responsibilities
- Automated Compliance Monitoring: Review, audit, and monitor security compliance programs against frameworks such as PCI-DSS, NIST CSF 2.0, and SOC 1/2, leveraging automation tools to continuously assess control health
- Process Optimization & AI Integration: Identify opportunities to leverage AI tools and LLMs to accelerate risk assessments, summarize complex regulatory requirements, and streamline process improvements
- Code-Assisted Evidence Collection: Lead and automate evidence collection for external audits (SOC 1, PCI Level 1), reducing manual overhead for engineering and product teams
- Identity & Access Management (IAM): Oversee user access management and quarterly user access reviews, exploring ways to automate provisioning audits and detect anomalies
- Cross-Functional Collaboration: Build and cultivate positive working relationships with engineering, DevOps, and product stakeholders to bake compliance directly into the CI/CD pipeline and cloud infrastructure
Skills
- B.S. degree in Computer Science, Information Systems, Cyber Security, or a related technical field
- 5–7 years of GRC or Security Engineering experience, ideally within a SaaS, FinTech, or Cloud-native company
- Solid understanding of Cloud Security compliance (AWS/Azure/GCP)
- Hands-on working experience with the command line and scripting languages (Python, Bash, PowerShell, etc.) to parse logs, query APIs, and automate repetitive GRC tasks
- Familiarity with utilizing AI productivity tools, prompt engineering, or LLMs to optimize documentation, drafting, or data analysis
- Experience with security standards/frameworks such as PCI-DSS, NIST (800-53/CSF), and SOC 1/2 Type II
- Strong ability to clearly articulate technical risk to non-technical stakeholders and strategically collaborate cross-functionally
- CISSP, CISA, CISM, CCSP, or similar security certifications are a plus
Benefits
- A 401(k) with a 5% company match to help you build long-term financial security
- Flexible time off and paid parental leave
- An annual wellness allowance
- Comprehensive health coverage
- Udemy access
- Childcare assistance
- Pet insurance
- A bevy of additional savings through Beneplace