Senior GRC Analyst

Docker · Remote (Canada)
Cybersecurity

WFA Digital Insight

The demand for skilled GRC professionals has surged in recent years, with a 25% increase in job postings in 2025 alone. As companies like Docker continue to navigate the complexities of remote work and digital transformation, the need for experts who can build and maintain robust risk management programs has never been greater. With the rise of AI, governance is becoming a critical component of GRC, and candidates with experience in this area are highly sought after. Before applying, candidates should be aware of the evolving regulatory landscape and the importance of staying up-to-date with industry standards.

Job Description

About the Role

The Senior GRC Analyst will play a crucial role in developing and implementing Docker's risk management program, ensuring the company's compliance with various regulatory frameworks. This is a remote position, offering the opportunity to work with a globally distributed team and contribute to the development of industry-leading software solutions. The successful candidate will have a strong background in information security, governance, risk, and compliance, with experience in building and operating enterprise risk management programs.

As a Senior GRC Analyst at Docker, you will be responsible for designing and implementing security risk assessments, third-party risk management, and risk registers. You will also lead the company's AI governance initiative, developing policies, assessments, and controls to ensure responsible AI use across the organization. This is a highly visible role, requiring collaboration with various stakeholders, including Engineering, Product, Legal, IT, and Security Engineering.

What You Will Do

  • Own and drive the compliance program roadmap, aligning framework requirements with business objectives and product strategy
  • Lead cross-functional compliance initiatives with Engineering, Product, Legal, and IT, serving as the authoritative voice on governance and risk matters
  • Design and maintain Docker’s unified control framework, including cross-mapping to NIST 800-53 and identifying control gaps across multiple standards
  • Plan and execute internal audits end-to-end: scoping, evidence collection, control testing, findings management, and external auditor coordination
  • Advise GRC Engineering on which integrations to configure and which controls require automated monitoring
  • Perform and lead risk assessments across systems, processes, third-party tools, and cloud configurations, translating findings into actionable risk treatment plans
  • Own the vendor risk management program, evaluating third-party vendors against compliance and security standards and driving remediation of identified gaps
  • Draft, review, and maintain corporate security policies and map them to relevant control standards, ensuring alignment across frameworks
  • Establish and report on compliance metrics and KPIs, providing data-driven visibility into program maturity to leadership
  • Stay current with evolving regulatory and industry standards and proactively assess their impact on Docker’s compliance posture

What We Are Looking For

  • 4 to 6 years of experience in Information Security, Governance, Risk, and Compliance
  • Demonstrated experience building or operating an enterprise risk management program, including risk assessments, risk registers, and risk treatment planning
  • Experience with third-party risk management, including vendor security assessments and due diligence
  • Working knowledge of security frameworks and standards, including ISO 27001, SOC 2, NIST 800-53, and GDPR
  • Familiarity with AI governance concepts and emerging frameworks, or a demonstrated ability to learn and apply new frameworks quickly
  • Experience designing metrics and reporting for GRC programs, including dashboards and executive-level summaries
  • Strong written and verbal communication skills, with the ability to translate risk and compliance topics for both technical and non-technical stakeholders

Nice to Have

  • Experience working in a cloud-first environment, with knowledge of cloud security and compliance implications
  • Familiarity with Docker products and technologies, including Docker Desktop, Docker Hub, and Docker Scout
  • Certification in a relevant field, such as CISM, CRISC, or CISSP
  • Experience with automation tools and scripting languages, such as Python or PowerShell

Benefits and Perks

  • Competitive salary and benefits package
  • Opportunity to work with a globally distributed team and contribute to the development of industry-leading software solutions
  • Flexible working hours and remote work arrangements
  • Access to the latest technologies and tools, including Docker products and services
  • Professional development opportunities, including training and certification programs
  • Health and wellness programs, including mental health support and employee assistance programs
  • Generous PTO and holiday allowance, with flexible work arrangements to support work-life balance

How to Stand Out

  • To stand out in this role, be prepared to discuss your experience with risk management programs and AI governance initiatives.
  • Make sure to review the latest regulatory and industry standards, including ISO 27001, SOC 2, and GDPR, and be prepared to discuss their implications for Docker's compliance posture.
  • Familiarize yourself with Docker products and technologies, including Docker Desktop, Docker Hub, and Docker Scout, and be prepared to discuss how they can be used to support risk management and compliance initiatives.
  • Develop a strong understanding of cloud security and compliance implications, and be prepared to discuss how to mitigate risks in a cloud-first environment.
  • Be prepared to provide examples of your experience with third-party risk management, including vendor security assessments and due diligence.
  • Consider obtaining relevant certifications, such as CISM, CRISC, or CISSP, to demonstrate your expertise and commitment to the field.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.