Senior GRC Analyst
Doppler
Why Now
2026 has been a breakout year for Doppler. We’ve helped over 78,000 startups and enterprises manage their secrets at scale, and landed our first million-dollar customer. We've shipped some of our most exciting features yet, expanded our customer base, and sharpened our focus like never before. With a strong foundation in community, we're scaling and monetizing with ambitious goals across product, growth, sales, and hiring. The momentum is real and we’re just getting started.
About Doppler
Doppler's mission is to make it easy and secure for software developers of every experience level and teams of any size to manage their app configuration and secrets. But hasn't this been done?
Developers tend to be either struggling with the manual management of .env files, or wrestling with an overly complex secrets manager that's not built for software development. The rise of AI tooling has fundamentally expanded who and what has access to your secrets. The stakes have never been higher, and getting it wrong has real consequences. Doppler is the solution to fix this. Simple to adopt, easy to scale, and built for developers, by developers.
Our team is entrepreneurial, with a bias for action. We never back down from a spirited debate and believe we are all responsible for exploring the hard questions. We value self-awareness and meaningful impact. We are open to unconventional approaches and have learned not to judge a book by its cover. Your time is your most valuable resource, so you set your hours. We use Slack to communicate and default to zero meetings. We aim to document everything. We also recommend you invest your time in 10% compounding time.
Who We Are
Doppler is a developer-first secrets management platform that enables engineers and security teams to securely store their secrets across any cloud infrastructure or deployment environment at scale.
The Role
At Doppler, security is core to what we ship, not an afterthought - it's woven into our product. Customers come to us to be the trusted custodian of their most sensitive credentials: API keys, database passwords, service tokens. That means our compliance posture is something prospects scrutinize during procurement and something customers depend on to justify their trust. This role owns all of it.
As our Senior GRC Analyst, you'll own Doppler's security and compliance program: maintaining our SOC 2 Type II and ISO 27001 certifications, driving our next compliance initiatives, and acting as the internal expert and external face of security for enterprise customers. You'll work closely with engineering, product, sales, and customer success, and you'll bring an automation-first mindset to everything, building systems that reduce manual toil and move us toward continuous compliance rather than point-in-time audits.
This is an individual contributor role with meaningful company-wide impact. The person who thrives here is equally comfortable diving into a pen test report with engineers and presenting risk posture to leadership.
What you’ll do:
Compliance program ownership
Maintain Doppler's SOC 2 Type II and ISO 27001 certifications end-to-end: evidence collection, control monitoring, audit coordination, and deficiency remediation
Lead the compliance work for our next certifications, including gap assessments, policy updates, and required documentation
Evaluate additional certifications and attestations on an ongoing basis as customer and market requirements evolve
Own day-to-day administration of our GRC platform (Vanta), including control mapping, evidence workflows, and audit readiness
Risk and controls
Lead our security working group: facilitate regular risk identification sessions and policy updates, maintain the threat register, track remediation progress, and drive accountability across teams
Design and maintain security controls mapped to our chosen frameworks (SOC 2, ISO 27001, etc.), ensuring they're practical and consistently operating
Coordinate penetration testing cycles and work directly with engineering to track and close findings
Author and maintain security policies that are enforceable and grounded in regulatory requirements (GDPR, PCI, and others relevant to a secrets management provider)
Support business continuity and disaster recovery governance
Customer and sales enablement
Respond to security questionnaires and RFPs promptly and accurately; Doppler's customers are technical and expect precision
Participate in customer security reviews and calls; represent our compliance posture credibly to security teams, procurement, and compliance officers
Maintain public-facing trust documentation that reflects our actual program
Partner with sales on security-sensitive enterprise deals, especially in regulated industries or where compliance is a gating factor
Enablement and communication
Translate compliance status and risk posture into clear, non-jargon updates for leadership and cross-functional stakeholders
Lead security awareness and compliance training for internal teams
Influence engineering and product roadmaps where security controls intersect with product decisions
What you’ll bring to the table:
5+ years in security, compliance, or GRC, with direct ownership of SOC 2 Type II and ISO 27001 programs in a cloud product environment where you've run audit cycles, not just supported them
Hands-on experience with Vanta (or a comparable GRC platform) and a genuine interest in automating compliance workflows rather than relying on spreadsheets
Technical fluency: you can read a pen test report, understand cloud architecture decisions, and have substantive conversations with engineers about control design and risk tradeoffs
Strong understanding of how auditors think, ideally from having been on the auditor side, or from running enough cycles that you've internalized their perspective
Familiarity with PCI DSS and GDPR requirements; experience with self-attestation or certification work is a strong plus
Experience supporting enterprise sales cycles where security is a procurement requirement, including responding to complex security questionnaires
Excellent communication skills across audiences: you can brief the CEO on risk posture, then turn around and explain the same issue to an engineer in implementation terms
Relevant certifications (CISA, CISSP, CISM, CRISC, or equivalent) preferred
Preferred experience:
Startup or high-growth environment experience
Experience with developer tools or a background in infrastructure security
Experience with trust center management
Familiarity with secrets management, credential security, or PKI
Benefits
Equity at an early-stage, fast-growing startup
Premium health insurance (medical, dental, vision)
Guilt Free Unlimited PTO - 3-week minimum strongly encouraged!
Upward Mobility
Learning and Development Stipend
Wealth Advisor
401k
Pregnancy & Family Leave
Fertility & Adoption Benefits
Equal Compensation (regardless of gender or race)
For a full list of our benefits, check our Perks Notion Page.
Closing
We've built a great product our customers love. Our churn is low, and active usage continues to rise. We just need to amplify our reach to educate the market that secrets management can be fast, secure, and affordable for teams and organizations of any size. And most importantly, we need to continue encouraging developers to stop adhering to archaic, insecure standards such as manually managing .env files.
Are you passionate about developer-focused products and ready to join an amazing team? Then we want to hear from you!
A final note - we highly encourage you to apply for this role, even if you don't feel entirely qualified, or entirely sure. You never know!
$130k - $160k

