BambooHR

501-1000 employees

Human Resources
Software
SaaS
Technology
About BambooHR

BambooHR is a leading provider of human resources software designed specifically for small and medium-sized businesses. Founded in 2008, the company offers a cloud-based platform that simplifies HR tasks such as employee data management, applicant tracking, onboarding, time-off tracking, and performance management. BambooHR's mission is to help businesses put their people first by providing intuitive and effective HR tools that improve employee experience and streamline administrative processes. The company is recognized for its user-friendly interface and strong customer support, serving thousands of customers worldwide.

5 months ago

GRC Analyst

Full-time
Mid Level

Description
  • The GRC Analyst II is an important contributor on BambooHR’s Governance, Risk, and Compliance (GRC) team, helping to execute and support day-to-day compliance activities across information security, policy management, risk management, data classification, vendor risk, privacy, audit, and security awareness.
  • This role partners closely with more senior GRC and security team members to implement and maintain information security policies and documentation; assess adherence to existing policies and standards; and help respond to and support security-related requirements from customers.
  • The GRC Analyst II assists with performing and documenting security and vendor risk assessments, monitoring and tracking compliance status, and supporting the development and continuous improvement of GRC processes, procedures, standards, and guidance.
  • The role also helps evaluate risks and controls that support BambooHR’s NIST CSF, ISO 27001, ISO 27018, ISO 42001, SOC 1, SOC 2, HITRUST, FedRAMP, and other regulatory and compliance initiatives.
  • This position is ideal for someone with approximately two years of GRC or information security experience who has a solid understanding of security and compliance fundamentals, is comfortable learning and applying security control frameworks, and brings strong organization, attention to detail, communication, and writing skills.
  • The role involves collaboration with internal teams, supporting policy gap analyses, risk assessments, security documentation, vendor assessments, and vulnerability management activities.
  • It emphasizes the use of AI and automation to improve efficiency and accuracy in GRC functions.

Requirements
  • Bachelor's degree in Computer Science, Information Technology, or related field
  • Minimum of 2 years of experience in compliance, audit, and/or information security
  • Familiarity with enterprise-level compliance tools such as Drata, Vanta, ServiceNow, Archer, IBM GRC or other industry software
  • Foundational understanding and eagerness to learn NIST CSF, NIST RMF, ISO 27001, ISO 27018, ISO 42001, SOC 1, SOC 2, HIPAA, and HITRUST
  • Basic understanding of cloud environments like AWS, Google Cloud, or similar
  • Experience in vulnerability assessment lifecycle from identification to remediation
  • Interpersonal skills for teamwork and liaison roles
  • Excellent verbal communication, presentation, organizational, and planning skills
  • Great attitude and quick learner
  • Bachelor’s degree in Computer Science, Information Systems, or related field

Benefits
  • Comprehensive health, life, and disability insurance
  • Generous leave policies including 4 weeks of vacation, 12 holidays, parental leave, and volunteer time off
  • 401(k) plans with up to 6% company match
  • $2000 Paid Vacation bonus
  • EAP through Headspace
  • Recognition for great company culture by Inc and Salt Lake Tribune