Senior GRC Analyst

at Tines
🇺🇸 United States - Remote
🔒 Cybersecurity🟣 Senior

Job description

Founded in 2018 with co-headquarters in Dublin and Boston, Tines powers some of the world’s most important workflows. Our orchestration, automation, and AI platform enables businesses to operate more effectively, mitigate risk, reduce tech debt, and focus on high-impact work.

Tines serves a diverse range of customers, from startups to public companies, including Canva, Databricks, Elastic, Kayak, Intercom, and McKesson. As an integrator across the entire tech stack, Tines connects with any API-enabled service. This flexibility enables our customers to achieve their highest-priority goals faster. And because Tines is secure and private by design, it’s popular with security, IT and other security-focused teams.

At Tines, we’re driven by our values of Simplicity, Speed, and Soundness. We’re committed to delivering exceptional customer experiences while fostering a company culture that nurtures individual curiosity, growth, and integrity. We’re excited about what’s next, and we’re looking for others to join us on our journey.

About the Role

Tines is seeking an experienced Senior Governance, Risk, and Compliance (GRC) Analyst to strengthen our compliance strategy and execution during a pivotal growth phase. Reporting directly to the Head of IT Operations & Information Security, you will play a critical role in our FedRAMP program while maintaining our existing SOC 2 compliance.

Location: Based remotely in the United States.

Key Responsibilities

  • FedRAMP Certification Efforts - Assist our FedRAMP certification program, including gap analysis, remediation planning, documentation development, and coordination with 3PAO assessors
  • Maintain SOC 2 Compliance - Support continuous compliance with SOC 2 requirements, including evidence collection, control testing, and audit coordination
  • Vendor Risk Management - Establish and manage a comprehensive vendor risk assessment program, evaluating security controls and compliance posture before acquisition
  • Risk Assessment and Management - Conduct thorough risk analyses for systems, processes, and third-party applications, implementing appropriate controls to mitigate identified risks
  • Compliance Automation - Leverage Tines automation capabilities to streamline compliance processes, evidence collection, and reporting
  • Customer Security Assurance - Respond to customer security inquiries, questionnaires, and audit requests, maintaining our Trust Center with up-to-date documentation
  • Policy Development and Maintenance - Review, update, and develop security policies and procedures aligned with regulatory requirements and industry best practices
  • Cross-functional Collaboration - Partner with engineering, product, legal, and leadership teams to embed compliance requirements into organizational processes
  • Contract Review and Management - Collaborate closely with the legal team to review contracts for security and compliance requirements, ensure appropriate security provisions are included, identify potential compliance risks, and recommend mitigating controls. Help develop standardized security language for various contract types.
  • Regulatory Monitoring - Stay current with evolving compliance standards and regulatory requirements relevant to our business and customers

Qualifications

Required

  • 8+ years of experience in IT compliance, security, or risk management
  • Demonstrated experience with FedRAMP certification processes and requirements
  • Hands-on experience implementing or maintaining ISO 27001 compliance
  • Strong knowledge of SOC 2 compliance frameworks and audit processes
  • Experience conducting vendor security assessments and risk analyses
  • Excellent understanding of information security principles, controls, and best practices
  • Strong project management skills with ability to manage multiple compliance initiatives simultaneously
  • Exceptional communication skills for translating technical requirements to non-technical stakeholders

Preferred

  • Industry certifications such as CISSP, CISA, or CISM
  • Experience with compliance automation tools and techniques
  • Knowledge of cloud security principles and controls (AWS, Azure, GCP)
  • Experience reviewing contracts for security and compliance requirements
  • Experience in SaaS or technology companies
  • Familiarity with privacy regulations (GDPR, CCPA)
  • Experience working in remote-first environments

Applicants for this opportunity must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

#LI-SW1

At Tines, we’re all about trying new things and taking the leap. If you’re second-guessing your application, we hope you’ll trust your gut and take the leap too! Applying for a new job isn’t always easy, especially if you’re thinking of a career pivot – but we’re big believers in learning and growth here at Tines, so you’ve nothing to worry about. A variety of experience, perspectives, and voices makes us the company we are. We’d love to hear from you.

Tines provides equal employment opportunities to all employees and applicants for employment without regard to sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation.

Share this job:
Please let Tines know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Latest Jobs at Tines

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply