Governance, Risk & Compliance (GRC) Analyst

Governance, Risk & Compliance Analyst

Ivo is an AI-powered contract review and legal technology company transforming how organizations review, negotiate, and manage contracts. Security, privacy, and trust are foundational to our platform and customer relationships. As we continue to scale, we are looking for a highly motivated Governance, Risk & Compliance (GRC) Analyst to support and mature Ivo's security compliance and risk management programs.

Ivo is seeking a detail-oriented and proactive GRC Analyst to support the company's compliance, risk management, and security assurance initiatives. This role will play a key part in maintaining and enhancing Ivo's compliance programs, including SOC 2 Type II, ISO 27001, CSA STAR, and ISO/IEC 42001.

The ideal candidate has experience supporting security audits, managing evidence collection, conducting risk assessments, maintaining policies and procedures, and partnering cross-functionally with engineering, IT, legal, HR, and business stakeholders. This is a fully onsite role based out of Ivo's San Francisco headquarters to support close cross-functional collaboration with Security, Engineering, IT, and Operations teams.

Responsibilities include:

• Support and coordinate Ivo's compliance programs including SOC 2 Type II, ISO 27001, CSA STAR, and ISO/IEC 42001.
• Assist with annual audits, surveillance audits, and customer security assessments.
• Coordinate evidence collection and maintain audit readiness across teams.
• Support and maintain Ivo's Vanta GRC platform and associated compliance workflows.
• Monitor automated compliance evidence collection and control monitoring within Vanta.
• Perform vendor and third-party risk assessments.
• Support enterprise risk management and risk register maintenance.
• Maintain and update security policies, standards, and procedures.
• Support AI governance and responsible AI compliance initiatives.

Required qualifications include:

• 3–5 years of experience in Governance, Risk & Compliance (GRC), Information Security, IT Audit, or related field.
• Hands-on experience supporting SOC 2 Type II, ISO 27001, CSA STAR, and in-depth knowledge of ISO/IEC 42001.
• Experience administering or working extensively with Vanta or similar GRC/compliance automation platforms.
• Experience managing and maintaining a customer-facing Trust Center, including security documentation, compliance artifacts, sub-processor disclosures, and customer assurance materials.
• Strong understanding of information security principles and common security controls.
• Experience with audits, evidence management, and customer security reviews.
• Excellent written and verbal communication skills.

Preferred qualifications include:

• Experience working at a SaaS or AI company.
• Familiarity with GDPR, CCPA, privacy regulations, and third-party risk management.
• Knowledge of cloud environments such as GCP, AWS, or Azure.
• Relevant certifications such as Security+, CISA, CRISC, CCSK, or ISO 27001 Lead Implementer/Auditor.

What we're looking for includes:

• Strong attention to detail and accountability.
• Collaborative mindset with strong cross-functional communication skills.
• Ability to translate compliance requirements into practical operational processes.
• Interest in emerging AI governance and security frameworks.
• Self-starter mentality with a continuous improvement mindset.

Compensation and benefits include:

• Competitive salary ($135k - $165k) and equity package.
• Comprehensive health, dental, and vision coverage.
• Flexible PTO.
• Collaborative onsite work environment (5 days) at Ivo's San Francisco headquarters.
• Opportunity to help shape the security and compliance foundation of a rapidly growing AI company.

Ivo is an equal opportunity employer and values diversity at all levels of the organization. We celebrate diversity and are committed to creating an inclusive environment for all employees.