Governance, Risk, and Compliance Analyst
$150k - $180kY.O.U.
Governance, Risk, and Compliance Analyst
San Francisco (Hybrid)
At You.com, we are building the AI Search Infrastructure that powers modern AI systems. Our goal is to create the trusted knowledge layer that agents, applications, and enterprises rely on to retrieve real-time, accurate, and citation-backed information.
Our platform combines proprietary vertical indexes with LLM-optimized retrieval systems to power AI agents, applications, and enterprise workflows. We are solving hard problems across search, large language models, and large-scale infrastructure to make AI systems more reliable, transparent, and useful.
Our team includes engineers, researchers, product builders, and operators who care about solving meaningful problems and delivering real-world impact. Whether you are improving core infrastructure, shaping product experiences, or helping bring new AI capabilities to market, your work will help define how modern AI finds and uses knowledge.
The Role
We're looking for a GRC Analyst to join our growing Security, IT, and Privacy function. You'll be the backbone of all the compliance work at the intersection of Engineering, Legal, and Product. This role will build and maintain the compliance programs as part of the security team. Our goal is simple: earn and keep the trust of our customers. The right person translates security and risk into terms that the business and product teams can act on.
Key Responsibilities
- Own and manage compliance programs across frameworks including SOC 2, ISO 27001, GDPR, CCPA, HIPAA, and FedRAMP
- Coordinate audit activities end-to-end: evidence collection, documentation, auditor responses, and remediation tracking
- Leverage AI and other tools to deliver metrics that stakeholders can consume and understand
- Conduct vendor and third-party risk assessments; manage the due diligence lifecycle for new and existing partners
- Help manage security and risk reviews (e.g. DDQs, VSQs) as part of the procurement process in collaboration with the Legal, Finance, and Security team
- Assist with building and maintaining compliance policies, procedures, and supporting documentation for security and compliance
- Translate regulatory and contractual requirements into actionable controls and processes
- Monitor the evolving regulatory landscape (especially AI-specific regulations) and flag relevant obligations
- Support Privacy-by-Design reviews for new product features and data practices
- Track open compliance items and proactively drive them to closure across stakeholders
Requirements
- 3–5 years of experience in GRC, Information Security compliance, or a related field
- Hands-on experience with SOC 2 or ISO 27001 audits, including evidence collection and gap assessments
- Familiarity with privacy regulations: GDPR, CCPA, and ideally emerging AI regulatory frameworks (EU AI Act, etc.)
- Experience managing vendor risk assessments and third-party due diligence processes
- Strong written and verbal communication skills. You can explain compliance requirements to engineers and legal concepts to product managers
- Highly organized, able to manage multiple workstreams and deadlines without dropping the ball
- Comfortable working independently in a fast-paced environment with limited process overhead
- Leverage AI to help build automation and data analysis workflows for reporting and tracking
Bonus Points For:
- Experience at an AI or search company
- Familiarity with data broker or data licensing compliance
- CISA, CISM, or CRISC
Our salary bands are structured based on a combination of geographic tiers and internal leveling. Compensation is determined by multiple factors assessed during the interview process, with the final offer reflecting these considerations.
Salary Band
$150,000 - $180,000 USD
Company Perks:
- Hubs in San Francisco and New York City offering regular in-person gatherings and co-working sessions
- Flexible PTO with U.S. holidays observed and a week shutdown in December to rest and recharge*
- A competitive health insurance plan covers 100% of the policyholder and 75% for dependents*
- 12 weeks of paid parental leave in the US*
- 401k program, 3% match - vested immediately!*
- $500 work-from-home stipend to be used up to a year of your start date*
- $600 technology stipend to support a portion of our hybrid/remote team's cell phone and internet expenses*
- $1,200 per year Health & Wellness Allowance to support your personal goals*
- The chance to collaborate with a team at the forefront of AI research
*Certain perks and benefits are limited to full-time employees only
You.com participates in E-Verify. We will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's Form I-9 to confirm work authorization. (English/Spanish: E-Verify Participation / Right to Work ) We are also an inclusive, equitable, and accessible workplace. Please let us know if you require accommodation for any portion of the recruitment and hiring process.
Beware of recruiting scams: You.com will only contact you through official @ You.com email addresses and will never ask for payment or sensitive personal information during the hiring process.
$135k - $165k
...foundational to our platform and customer relationships. As we continue to scale, we are looking for a highly motivated Governance, Risk & Compliance (GRC) Analyst to support and mature Ivo's security compliance and risk management programs. Why Ivo? Every civilization runs...SuggestedContract workFlexible hours$161.6k - $202k
...millions of patients — and that responsibility demands a security and compliance program that scales with the business. We're building out our... ...certifications (HITRUST, SOC 2, PCI-DSS, HIPAA), third-party risk management, security awareness training, and technical risk...SuggestedWork from homeFlexible hours- ...managing evidence collection, conducting risk assessments, maintaining policies and... ...3-5 years of experience in Governance, Risk & Compliance (GRC), Information Security, IT Audit... ...a detail-oriented and proactive GRC Analyst to support the company's compliance,...Suggested
- Simile in San Francisco is seeking a Governance, Risk, and Compliance (GRC) Analyst to ensure the integrity of our AI systems. The role revolves around developing security policies, managing compliance, and fostering a culture of security awareness across the company....Suggested
$140k - $178k
...achieve their truth-finding goals. As a GRCT Analyst, you will independently drive moderately complex trust, compliance, and risk workstreams that help Everlaw scale... ...recommendations. Support internal risk and governance processes, including security impact analyses...SuggestedFull timeLocal areaImmediate startRemote workFlexible hoursShift work$122k
...Requisition ID # 173293 Job Category: Compliance / Risk / Quality Assurance Job Level:... ...Overview The Compliance Strategy and Governance department in Enterprise Risk and Compliance... ...The Risk and Compliance Expert Analyst is focused on compliance management activities...Full timeContract workWork experience placementWork at officeRemote work- Ivo Inc. is seeking a GRC Analyst to support compliance and risk management initiatives in their San Francisco office. This is a crucial role designed... ...candidate will have 3-5 years of experience in Governance, Risk & Compliance, and be skilled in audits and evidence...Work at office
- United States Digital Space LLC is seeking a Security Risk and Compliance Analyst in San Francisco. You will enhance and operate compliance programs, focusing on controls maturity and audit execution. This role offers a unique opportunity for those with GRC experience to...
- Ivo is looking for a proactive GRC Analyst to enhance its compliance programs including SOC 2 Type II and ISO 27001. The role demands a detail-oriented... ...responsible for managing compliance initiatives and risk assessments while ensuring close collaboration with teams...
- You.com is looking for a GRC Analyst to join our Security, IT, and Privacy function in San... ...will be crucial in building and maintaining compliance programs and ensuring trust with our... ...various frameworks and conducting vendor risk assessments. The ideal candidate has 3-5...
$130k - $150k
...believes in each other, come build with us at Crusoe. About This Role We're seeking a GRC Analyst to support the day-to-day execution of our Governance, Risk, and Compliance program. Reporting to the Head of GRC, this role focuses on operational compliance activities...Temporary work$65 - $85 per hour
...Senior GRC Analyst - Security & Compliance LHH Recruitment Solutions is partnering with a high-growth, cloud-native SaaS organization to... ...offers a unique opportunity to take ownership of a growing governance, risk, and compliance program within an innovative technology...Hourly payContract workTemporary workWork at officeLocal area$125k - $200k
...: making stuff secure and compliant. You will connect governance, risk management, and compliance to protect our organization and our customers without... ...Manage Compliance & Audits: Act as a Customer Trust Analyst to address security-related inquiries. Track compliance...Flexible hours$130k - $160k
...Role Overview As a Security Risk and Compliance Analyst you will play a hands‑on role in maturing and operating the company’s compliance and... ...programme—specifically across controls maturity, policy governance, and audit execution. This role sits at the intersection...InternshipWork at officeLocal areaWork from homeWorldwide$193.8k - $228k
Senior GRC Analyst II job at Carta. San Francisco, CA. The Problems You'll Solve As a Senior GRC Analyst... ...and accordingly establish and maintain governance and risk frameworks. You will build and run security compliance programs to measure and reduce risk, report compliance...Full time$135k - $165k
Icehouseventures is seeking a proactive GRC Analyst to join our team in San Francisco. This role will support compliance and risk management initiatives essential for maintaining high security standards. The ideal candidate will have 3-5 years of experience in GRC and relevant...Contract work- Ivo is looking for a detail-oriented Governance, Risk & Compliance (GRC) Analyst in San Francisco. The ideal candidate will support compliance programs such as SOC 2 Type II and ISO 27001 while managing audits and risk assessments. This onsite role offers a competitive...
$150k
Crusoe Energy Systems LLC is looking for a GRC Analyst in San Francisco, CA to support their Governance, Risk, and Compliance program. The role includes managing user access reviews, supporting audits, and leveraging AI tools for process improvements. Ideal candidates...$93.8k - $116.3k
...adapted to their culture and working methods. We help clients strategize and scale leveraging deep expertise and solutions in compliance and risk management, strategic technology partnerships, data science, operations and business analysis and mergers and acquisitions....Work at officeRemote workWorldwideVisa sponsorshipWork visaFlexible hours3 days per week$110k - $120k
...Senior Compliance Associate, North America - 12 Month Contract The Senior Compliance Associate contributes Compliance expertise to the Risk and Compliance and Money Transmission Licensing function as well as to other departments within OFX to ensure all areas have the...Contract workFlexible hours- ...Compliance Officer This position is within the Administrative Services Group Compliance Function and is responsible for taking a lead... ...Corporate Compliance Monitors major and critical compliance risks issues Oversees the implementation of training programs Disseminates...
$105.5k - $145.9k
...bank's financial operations while ensuring compliance with regulatory expectations. The team... ...across Finance, Treasury, Operations, Risk, and Compliance. As the Bank Accounting... ...reporting evidence in accordance with governance requirements. Contribute to process improvement...Summer workCurrently hiringLocal areaRemote workWork from home- ...in San Francisco is looking for an Associate GRC Analyst to join our security team. In this role, you will support cybersecurity governance, compliance, and audit functions by gathering evidence, conducting vendor risk assessments, and maintaining documentation. This position...
$95k - $130k
...LiveRamp is seeking a Security GRC Analyst in San Francisco to support security risk management, compliance, and reporting efforts. You will collaborate closely with various teams to address and mitigate risks while maintaining high compliance standards. The ideal candidate...Remote work- The Goldman Sachs Group is seeking an Associate for their Global Compliance team in San Francisco. This role involves monitoring compliance, assessing financial products for suitability, and advising on regulations. Ideal candidates will possess a Bachelor's degree and...
- ...join their San Francisco office. In this client-facing role, you will lead engagements that deliver impactful solutions across risk, compliance, and operations. The ideal candidate will have 1-4 years of consulting experience and a strong grasp of industry challenges....Work at office
$140k
...Level: Manager/Principal Business Unit: Gen Counsel, Ethics, Risk & Compliance Work Type: Hybrid Job Location: Oakland... ...natural disasters. Functions include development and oversight of governance procedures, risk modeling and analytics, regulatory strategy...Work at officeRemote work- ...Our client in the investment banking space is looking for an analyst to support the firm's compliance function. This person will focus on conflicts clearance, restricted/watch lists, and information wall management. This position requires strong analytical skills, sound...
$140k - $185k
...About This Posting This job description represents a sample Fund Compliance Analyst position commonly found through the Career Launch AI Talent... ...to ensure that funds operate within legal, regulatory, and risk parameters. These roles often involve collaboration with legal...Full time- ...Job Description The Compliance Analyst is primarily responsible for monitoring monthly compliance audits in the B2Gnow System. This includes... ...to analyze data to identify compliance issues and access risks in support of program goals. Required Qualifications...Contract workFor contractorsFor subcontractor
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Governance, Risk, and Compliance Analyst. Be the first to apply!
- operational risk specialist San Francisco, CA
- risk analyst San Francisco, CA
- risk compliance officer San Francisco, CA
- governance risk & compliance analyst San Francisco, CA
- risk officer San Francisco, CA
- senior quantitative risk analyst San Francisco, CA
- third party risk analyst San Francisco, CA
- operational risk consultant San Francisco, CA
- it risk analyst San Francisco, CA
- risk consultant San Francisco, CA

