GRC Analyst II jobs in United States

BambooHR · 2 weeks ago

GRC Analyst II

BambooHR is a company focused on building a people intelligence platform that transforms HR. They are seeking a GRC Analyst II to contribute to their Governance, Risk, and Compliance team by executing compliance activities, supporting security policy implementation, and conducting risk assessments.

Human Resources, SaaS, Software
Culture & Values
H1B Sponsor Likely

Responsibilities

Collaborate with internal stakeholder teams (e.g., Engineering, IT, Product, Legal, HR) to document the implementation of security compliance controls across technical, management, and operational requirements
Support and perform gap analyses of current policies, procedures, and practices against established guidelines and frameworks, including NIST, FISMA, HIPAA, and other applicable regulatory standards
Assist with and conduct risk assessments of technology infrastructure, business processes, and security controls for assigned areas, documenting findings and recommended remediation steps
Embrace AI as a core tool to enhance GRC accuracy, efficiency, and proactive risk management, while following internal standards for responsible AI use
Use AI-powered platforms, under guidance from senior team members, for continuous controls monitoring, predictive risk analysis, and identification of potential compliance gaps
Improve team efficiency in evidence collection, organization, and analysis - leveraging AI and automation where appropriate - so the GRC function can focus more time on higher-value risk and compliance activities
Contribute to the build-out, maintenance, and ongoing refinement of the enterprise controls matrix, ensuring alignment and mapping across multiple compliance frameworks (e.g., SOC 1, SOC 2, PCI DSS, NIST CSF, ISO 27001, ISO 27018, ISO 42001, HITRUST, HIPAA)
Assist in developing, updating, and maintaining security and compliance documentation, which may include the key documents required by the above standards
Support the delivery, tracking, and ongoing improvement of information security training and awareness programs for employees and contractors
Perform vendor security and risk assessments for new and existing vendors, document results, and occasionally interface directly with vendor contacts to clarify responses or request additional information
Assist with tracking and coordinating activities related to threat and vulnerability management, including monitoring assessment results, following up on remediation efforts, and helping to ensure that vulnerabilities are addressed within defined timeframes

Qualifications

GRC experience, Information security policies, Risk assessments, Compliance frameworks, CISSP certification, Cloud environments, Enterprise compliance tools, Interpersonal skills, Communication skills, Organizational skills, Team collaboration

Required

Bachelor's degree in Computer Science, Information Technology, or related field
Minimum of 2 years of experience in compliance, audit, and/or information security
Foundational understanding and eagerness to learn NIST CSF, NIST RMF, ISO 27001, ISO 27018, ISO 42001, SOC 1, SOC 2, HIPAA and HITRUST
Basic understanding of cloud-based environments for production applications, including Amazon Web Services, Google Cloud, or other large-scale cloud deployments
Experience in the vulnerability assessment lifecycle from the point of identification to remediation
Interpersonal skills to work as a team member and as a liaison
Excellent verbal communication, presentation, organizational and planning skills, and great attitude and ability to learn new things quickly

Preferred

CISSP, CISA, CCSA, or equivalent certification
Familiarity with enterprise-level compliance tools such as Drata, Vanta, ServiceNow, Archer, IBM GRC or other industry equivalent software
Prior information security experience helpful
Bachelor's degree in Computer Science, Information Systems or related field

Benefits

Comprehensive health, life, and disability insurance
Generous leave policies that include 4 weeks of vacation, 12 company holidays, parental leave, and volunteer time off so you can enjoy quality of life
401k plans with up to 6% company match
$2000 Paid-Paid Vacation bonus
EAP through Headspace

Company

BambooHR

BambooHR is a SaaS-based company providing subscription-based HR software for SMEs.

H1B Sponsorship

BambooHR has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart not shown)
Trends of Total Sponsorships: 2025 (2)

Funding

Current Stage: Late Stage
Total Funding: unknown
Key Investors: Sorenson Capital
2016-08-01: Series Unknown
2012-01-01: Series Unknown

Leadership Team

Bradley Rencher, Chief Executive Officer
Ben Peterson, Co-founder and Co-chairman
Company data provided by Crunchbase