Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Sr. GRC Analyst

$95k - $105k

Subsplash

Job Description

Job Description

Sr. GRC Analyst About Subsplash

Subsplash is an exciting award-winning team of 280+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005, we've remained family owned and operated while pioneering the market with the first ever church mobile app. Since then, we've been working together to build The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. We find excitement in serving our 14,000+ clients, creating impactful products, and delighting the millions of people who use our platform every day. Subsplash has won awards for best mobile experience, been voted top 100 Washington's Best Workplaces by the Puget Sound Business Journal, created some of the most downloaded apps of all time, and built enterprise software for world-class brands like XBOX, Microsoft, Samsung, Expedia, and Cisco; yet, at the end of the day, we love making a lasting impact and a difference in our world.

Working at Subsplash is more than just a job; we are a team of people who are courageous, inventive, and passionate about doing meaningful work every day. Don't take our word for it—head to Glassdoor and see for yourself!

About the Team

The IT Team at Subsplash is the foundation that maintains all the activities and services that are required to support business functions as well as ensuring proper security across all IT systems. We are passionately focused on delivering delightful support to our internal customers. We achieve this by providing robust day-to-day technical support that empowers our fellow Subsplash employees to perform their best work most often. Beyond daily technical support, our team handles crucial functions such as access management, user provisioning and deprovisioning, new hardware and software setup, and diligently works to keep our dues and subscription spend under budget.

About the Role

The Senior GRC Analyst acts as a strategic lead to advance security and risk operations. In this role, you will integrate people, policy, and technology to drive operational excellence and framework maturity. You will be responsible for identifying security gaps, implementing best practices, and maturing our control environment to ensure we stay ahead of evolving regulatory and threat landscapes. We are building an AI-first compliance function, and this role is expected to lead from the front in identifying and deploying AI tools that scale our GRC program.

Compensation
  • The total compensation for this position is between $95,000-$105,000/yr depending on experience level.
Essential Functions of This Role: Compliance Program Management & Audit Leadership
  • Audit Execution: Act as the primary point of contact for external auditors; lead the end-to-end execution of PCI DSS audits and support internal audit on IT SOX controls.
  • Data Mapping Maintenance: Develop and maintain a comprehensive data inventory and data flow diagrams. Track how sensitive data (PII, PCI) moves through our systems to ensure compliance with privacy regulations and security boundaries.
  • Framework Maturation: Map and implement controls across multiple frameworks (PCI DSS, NIST CSF) to eliminate redundancies and improve the organization's security posture.
  • GRC Reporting: Track and report on GRC program health across compliance posture, risk register status, audit readiness, and control effectiveness. Present metrics and trends to leadership on a regular cadence.
2. Access Governance & Identity Management
  • User Access Reviews (UAR): Orchestrate and lead the quarterly and semi-annual user access review process across all critical systems (SaaS, Cloud Infrastructure, and Internal Tools).
  • Joiner/Mover/Leaver Oversight: Monitor and validate that provisioning and deprovisioning processes are executed accurately and on time across critical systems. Flag exceptions, track remediation, and maintain documentation to support access control audits.
3. Security Awareness & Phishing Program
  • Program Ownership: Execute and maintain a comprehensive, year-round Security Awareness Training (SAT) program that meets PCI DSS requirements while driving actual behavioral change.
  • Phishing Simulations: Execute monthly or quarterly phishing simulations; analyze "fail rates" and provide targeted follow-up training to high-risk groups.
  • Content Curation: Select and deploy engaging security content, newsletters, and "security moments" to keep cybersecurity top-of-mind for all employees.
  • Reporting: Present program health metrics (completion rates, simulation trends, and reporting speed) to the Leadership team.
4. Risk and Vendor Management
  • Vendor & Risk Execution: Execute the TPRM program—conducting vendor security reviews, tracking remediation to completion, and escalating high-risk findings to leadership.
  • Risk Register Ownership: Maintain and update the corporate risk register, ensuring remediation efforts are tracked, validated, and communicated to leadership.
Desired Qualifications:
  • Experience: 3–5 years of dedicated experience in GRC, Information Security, or Audit (FinTech or Financial Services industry experience is highly preferred).
  • Technical Mastery: Deep practical knowledge of PCI DSS requirements and controls.
  • Data Governance: Experience performing Data Mapping exercises and maintaining Records of Processing Activities (RoPA).
  • SAT Strategy: Proven experience managing phishing platforms (e.g., KnowBe4, Mimecast, or Vanta-integrated tools) and developing security training curricula.
  • IAM Expertise: Proven experience managing formal access review cycles and identity governance processes.
  • Systems: Proven experience administering a GRC platform, including automated evidence collection, control monitoring, and access review workflows. Direct experience with Vanta is a significant advantage.
  • SOX IT Controls: Experience with SOX IT General Controls (ITGCs), including change management, logical access, computer operations controls, and segregation of duties (SoD). This role will work directly with internal audit to support IT SOX control testing and evidence collection.
  • AI Tooling: Demonstrated experience using AI tools to improve GRC workflows, automate reporting, or accelerate evidence collection and analysis.
Core Competencies
  • Critical Thinker: You have a drive for distinguishing clear priorities and conclusions from ambiguous data.
  • Velocity: You bring urgency and momentum to compliance work—prioritizing ruthlessly, moving quickly through ambiguity, and consistently pushing the program further than the baseline requires.
  • Detail Oriented: You notice the small gaps in access logs, data maps, or training reports that others might miss.
  • AI-Forward: You treat AI as a force multiplier for GRC work—using it to compress audit prep cycles, automate evidence gathering, and free up capacity for higher-value risk analysis.
  • Collaborative: You work effectively across IT and Engineering to surface control gaps, translate technical risks into compliance language, and ensure cross-functional ownership of remediation.
Your First 90 Days
  • Own the PCI DSS evidence pipeline. Get fully oriented on the current ASV scanning cadence, open findings, and SAQ scoping in Vanta. By day 60, be actively supporting evidence collection. By day 90, have a clear understanding of the program state and a plan for taking it over fully.
  • Get oriented on the SOX SoD review cycle. The conflict detection framework and SoD procedure are built. Within 90 days, develop a working understanding of the quarterly review rhythm, the supporting Confluence documentation, and the compensating controls tracking process — with the goal of owning it independently shortly after.
  • Complete a full UAR cycle. Execute a complete user access review across all critical systems, coordinating with IT and system owners, documenting exceptions, and tracking remediation to closure. This is a tangible, auditable deliverable that demonstrates cross-functional coordination and Vanta proficiency.

Deliver a first GRC metrics report to leadership. Produce a polished metrics report covering compliance posture, risk register status, PCI standing, and SOX control health. This establishes the reporting cadence and introduces the role to leadership on their terms.

Location

Subsplash currently has operations in 27 states across the US! As much as we would love to have employees in as many states and countries as we have clients, we are currently limiting hiring to the states we already operate in. As a result of that, this role is only available as a 100% remote position if you reside in one of the following states:

AL, AR, AZ, CO, FL, GA, ID, IA, IN, KS, KY, MO, MI, MN, NC, NM, OK, OH, OR, SC, SD, TN, TX, UT, VA, WA, WY.

We are not sponsoring relocation for this role so unfortunately, if you do not currently reside in one of these states, we are unable to consider your application.

Benefits

Generous Paid Time Off, Medical Coverage, Dental Coverage, Vision Coverage, short and long term disability and life insurance all free of charge, Competitive Compensation, 401k Matching, Professional Development, Top of the Line Equipment, Referral Program, Parental Leave, Family-Friendly Culture, and the chance to work side-by-side with thought leaders in emerging tech

Note: Employment with Subsplash is contingent upon satisfactory proof of employee's right to work in the U.S., as required by law and upon completion of a basic background check and; employment with Subsplash is considered "at will," meaning that either the company or the employee may terminate the employment relationship at any time without cause or notice.

Subsplash is an Equal Opportunity Employer. We value all human life as all people are created with equal dignity, value, and worth. We do not discriminate on the ground of race, color, religion, sex, age, disability or national origin, or genetic information in the hiring, retention, or promotion of employees; nor in determining their rank, or the compensation or fringe benefits paid them.

#LI-Remote #BI-Remote

Vacancy posted 26 days ago
Similar jobs that could be interesting for youBased on the Sr. GRC Analyst in Louisville, KY vacancy
  • Brown-Forman is hiring an IT Governance/Risk/Compliance Analyst in Louisville, KY. This role involves developing and maintaining IT governance frameworks, supporting risk management programs, and ensuring compliance with internal policies and external regulations. The ideal... 
    Suggested

    Brown--forma

    Louisville, KY
    5 days ago
  • Brown-Forman is seeking an IT Governance/Risk/Compliance Analyst to support risk management initiatives and ensure compliance with internal policies and regulations. The ideal candidate will have over 3 years of experience, strong analytical and communication skills, and... 
    Suggested

    Brown-Forman

    Louisville, KY
    2 days ago
  • Job DescriptionJob Description The Sr. Manager Commercial Regulatory supports regulatory department with cross-functional projects, submission requirements, and specific regulatory and development initiatives as required. I DUTIES AND RESPONSIBILITIES Serves as a Commercial... 
    Senior
    Work at office
    Local area
    Night shift

    Energy Jobline ZR

    Louisville, KY
    2 days ago
  •  ...ABOUT THIS POSITION The Senior Compensation Analyst plays a key role in the design, implementation, and administration of compensation programs. This role partners with People, Finance, and business leaders to ensure compensation practices are competitive, equitable... 
    Senior
    Full time
    Live out
    Local area
    Flexible hours

    Waystar

    Louisville, KY
    3 days ago
  • Overview This position is responsible for regulatory and rate‑making decisions that shape the future of energy in our region. Responsibilities include playing a key role in developing cost of service, revenue requirement and rate strategies; supporting regulatory filings...
    Senior
    Work experience placement

    PPL

    Louisville, KY
    3 days ago
  • $107.33k - $137.86k

    A leading biotechnology company in Louisville, KY is seeking a Specialist in Supply Chain Compliance. In this role, you will manage deviations, support audits, and ensure supply chain compliance. Candidates should have a Doctorate or equivalent experience in Supply Chain...
    Senior

    BioSpace, Inc.

    Louisville, KY
    2 days ago
  • $114k - $171k

     ...START: Yes CLEARANCE TYPE: Top Secret TRAVEL: Yes, 10% of the Time Description We are looking for you to join our team as a Principal / Sr. Principal Software Engineer based out of Woodland Hills, CA. As a Principal / Sr. Principal Software Engineer at Northrop Grumman,... 
    Senior
    Full time
    Relocation package
    Shift work

    Dormont Manufacturing Company

    Woodland Hills, KY
    2 days ago
  • Mt. Washington Pediatric Hospital is looking for a Housing Specialist III to oversee eligibility and compliance for housing programs in Louisville. The successful candidate will manage complex income certifications, maintain compliance files, and ensure adherence to HUD...
    Senior

    Mt. Washington Pediatric Hospital

    Louisville, KY
    2 days ago
  • GE Appliances seeks a Senior Anti-Fraud & Anti-Corruption Analyst to support their compliance program in Louisville, KY. The role involves monitoring fraud risks, conducting investigations, and collaborating with various business functions to strengthen internal controls... 
    Senior

    GE Appliances

    Louisville, KY
    1 day ago
  • Ernst & Young Oman is seeking an Associate Director for the Ethics and Compliance Investigations Team based in the US. This role involves leading investigations into complex issues while working closely with stakeholders to ensure quality and professional practice. The ...
    Senior
    Flexible hours

    Ernst & Young Oman

    Louisville, KY
    1 day ago
  • $206.11k - $283.4k

    About the Role The Sr. Principal Software Engineer leads the design, development and testing of software applications for space systems and technologies. This advanced position requires extensive expertise in multiple programming languages, a deep understanding of software... 
    Senior
    Work experience placement

    Pace Industries

    Louisville, KY
    1 day ago
  • $75k - $150k

    Position Overview At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of...
    Senior
    Full time
    Temporary work
    Work experience placement
    Work at office

    PNC

    Louisville, KY
    4 days ago
  •  ...Role: Supply Chain Sr Associate Location: Louisville KY 40299 Hybrid - 3 days Onsite (Tues, Wed, Thurs) and 2 days WFH Standard hours Skills Bachelor's degree or equivalent in Life Sciences + 2 years' experience in GMP / GDP compliance In the absence of a Life Sciences... 
    Senior
    Work from home

    Creative Solutions Services, LLC

    Louisville, KY
    5 days ago
  • A leading technology consulting firm seeks a Salesforce Principal Consultant to drive technology solutions and client engagement. Responsibilities include developing Salesforce implementations and solutions that meet customer needs while collaborating with diverse teams...
    Senior
    Full time

    Sonsoft Inc

    Louisville, KY
    5 days ago
  • $206.11k - $283.4k

    Pace Industries, LLC in Louisville, Kentucky is seeking a Sr. Principal Software Engineer to lead the design and development of software applications for space systems. This role demands over 15 years of experience with extensive expertise in multiple programming languages... 
    Senior

    Pace Industries

    Louisville, KY
    5 days ago
  • $83.4k - $101k

    Essential Duties and Responsibilities Develop and deploy advanced methods to analyze operational data and derive meaningful, actionable insights for stakeholders and business development partners. Function as point of contact for data and analytical usage across multiple...
    Senior
    Minimum wage
    Contract work
    Temporary work
    Work experience placement
    Home office

    MAXIMUS

    Louisville, KY
    3 days ago
  • Park Community in Louisville, Kentucky is seeking a Compliance Specialist I to ensure compliance with internal policies and regulatory requirements. Responsibilities include monitoring loan products, providing feedback to management on compliance issues, and collaborating...

    Park Community

    Louisville, KY
    1 day ago
  • A leading biotech pharmaceutical company is seeking a Sr Associate Supply Chain Compliance to manage temperature excursions and deviations. This hybrid role involves collaboration with quality and external partners to ensure compliance with Good Distribution Practice (... 
    Senior
    Hourly pay

    Advanced Bio-Logic Solutions Corp

    Louisville, KY
    1 day ago
  • ## Senior Director, Compliance & IntegrityApplylocations: USA, Louisville, KYtime type: Full timeposted on: Posted Yesterdayjob requisition id: REQ-25843At GE Appliances, a Haier company, we come together to make “good things, for life.” As the fastest-growing appliance...
    Senior
    Work at office
    Flexible hours

    GE Appliances

    Louisville, KY
    5 days ago
  • $130k - $210k

    Ventas, Inc. is seeking a Manager, Healthcare Regulation to lead key compliance efforts for the Senior Housing Operating Portfolio. This position involves overseeing regulatory aspects of acquisitions and partnerships, managing compliance with healthcare regulations, and...
    Senior

    Ventas, Inc.

    Louisville, KY
    1 day ago
  • Senior Accountant We are seeking a Senior Accountant to support financial reporting and month-end close. This hands-on individual contributor role will partner with the Controller to prepare financial reports, including standard financial statements (Balance Sheet, ...
    Senior

    Uptempo

    Louisville, KY
    3 days ago
  • $100k - $275k

     ...cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit Job Description Summary The HRIS Analyst, Principal is a pivotal member of the HR Analytics team that delivers Workday HCM expertise across the enterprise. In this role you... 
    Full time

    Draper

    Cambridge, KY
    5 days ago
  • Cerity Partners Management LLC is seeking a tax professional to join their Louisville, KY office. This role emphasizes client engagement, reviewing and signing tax returns, and advising clients on complex tax strategies. The ideal candidate has extensive experience with...
    Senior
    Remote job
    Work at office

    Cerity Partners Management LLC

    Louisville, KY
    3 days ago
  • US WorldMeds LLC is seeking a Sr Manager, Commercial Regulatory in Louisville, KY. This role supports the regulatory department with crucial cross-functional projects, lead submission requirements, and guides specific regulatory initiatives. Requirements include a Bachelor... 
    Senior

    US WorldMeds LLC

    Louisville, KY
    5 days ago
  • $133.1k - $199.7k

    RELOCATION ASSISTANCE: Relocation assistance may be available CLEARANCE REQUIRED FOR START: No CLEARANCE TYPE: Secret TRAVEL: Yes, 10% of the Time Description At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact ...
    Work at office
    Relocation package
    Shift work

    Dormont Manufacturing Company

    Woodland Hills, KY
    4 days ago
  • Handsome Brook Farms is looking for a Human Resources Manager to support business objectives through strategic HR processes. This role includes overseeing payroll, compliance with employment laws, and leading HR development programs. Ideal candidates will have at least ...
    Senior

    Handsome Brook Farms

    Brooks, KY
    3 days ago
  • $115.92k - $173.88k

    Compliance Director Location: This role requires associates to be in-office 3 days per week, fostering collaboration and connectivity, while providing flexibility to support productivity and work-life balance. This approach combines structured office engagement with the...
    Work at office
    Local area
    3 days per week

    Elevance Health

    Spring Valley, KY
    5 days ago
  •  ...regulated industries Advanced degree (JD, CPA, CIA, or related field) Relevant certifications (e.g., CCEP, CAMS, CRCM) Experience with GRC platforms, audit tools, and data visualization Strong executive communication and stakeholder management skills #J-18808-Ljbffr... 
    Work at office

    Sazerac

    Louisville, KY
    3 days ago
  • Fairstead is seeking a Community Manager in Louisville, Kentucky. The role encompasses the day-to-day management of property operations, ensuring compliance with housing laws and regulations, and driving the performance of the assigned property. Successful candidates will...
    Senior

    Fairsteadescllc

    Louisville, KY
    3 days ago
  • GE Appliances in Louisville, KY seeks a Senior Manufacturing Engineer to oversee the AP2 factory's washer program. The engineer will manage operational readiness, collaborate across teams, and drive continuous improvement in quality and safety. Qualified candidates should...
    Senior
    Full time

    Reporter Newspapers

    Louisville, KY
    3 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Sr. GRC Analyst. Be the first to apply!