Senior Staff Analyst, GRC

Mozilla · Remote (Remote UK)
Data & Analytics

WFA Digital Insight

As the demand for experienced GRC professionals continues to rise, with a 25% increase in job postings in the last year, this role stands out for its focus on building a robust governance, risk, and compliance framework for a pioneering tech company. With Mozilla's commitment to making the internet better for people, this position offers a unique opportunity to combine technical expertise with a passion for online privacy and security. Candidates should be aware that a deep understanding of regulatory frameworks and the ability to lead cross-functional stakeholder engagement are key skills in high demand for this type of role.

Job Description

About the Role

The Senior Staff Analyst, GRC, plays a critical role in Mozilla's Security Function, supporting the mission to build a safe and secure internet. This position is part of the broader Mozilla Infrastructure team and is responsible for defining, developing, and implementing a comprehensive Governance, Risk, and Compliance (GRC) framework. The successful candidate will be a collaborative leader with deep domain expertise in information security, regulatory compliance, risk governance, and cross-functional stakeholder engagement.

Day-to-day, this role will involve working closely with various teams across the organization to align security, privacy, regulatory, and risk management initiatives. The ideal candidate will have a strong understanding of the current regulatory landscape and the ability to develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives.

What You Will Do

  • Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives
  • Lead the creation and enforcement of standards, policies, controls, audits, and reporting across various enterprise and product verticals
  • Develop and operationalize a risk assessment and management framework to enable prioritization and remediation of critical issues
  • Define and deliver measurable scorecards and metrics to enable data-driven decision making
  • Ensure compliance with various regulatory standards and frameworks (ISO, NIST, SOC2, CCPA, GDPR, etc.)
  • Lead internal and external audit activities, including tracking and resolving deficiencies and remediations
  • Partner closely with Legal, IT, Finance, and Security teams to align on the GRC program and deliver a cohesive integrated risk management framework
  • Define requirements and reporting (scorecards) of data life cycle management across enterprise and product domains, working with the data platform and legal teams
  • Collaborate with cross-functional teams to identify, assess, and mitigate risks

What We Are Looking For

  • 10+ years of progressive experience in developing and delivering an integrated GRC framework
  • Strong understanding and deep knowledge of regulatory frameworks, processes, and tools related to building a robust GRC framework
  • Experience leading and delivering cross-functional projects and programs
  • Excellent communication and stakeholder management skills
  • Ability to work in a fast-paced environment and adapt to changing priorities
  • Strong analytical and problem-solving skills
  • Experience with risk management and compliance frameworks
  • Knowledge of information security and privacy principles

Nice to Have

  • Experience working in the tech industry, particularly with open-source software
  • Familiarity with agile development methodologies
  • Certification in a relevant field (e.g., CISM, CRISC, CISA)
  • Experience with data analytics and data visualization tools

Benefits and Perks

  • Opportunity to work with a pioneering tech company committed to making the internet better for people
  • Collaborative and dynamic work environment
  • Professional development opportunities
  • Flexible working hours and remote work options
  • Access to the latest technologies and tools
  • Comprehensive benefits package, including health insurance and retirement plan

How to Stand Out

  • Ensure your resume and cover letter highlight your experience in developing and delivering GRC frameworks, as well as your understanding of regulatory compliance and risk management.
  • Be prepared to discuss your experience working with cross-functional teams and stakeholders, and how you have driven compliance and risk management initiatives in previous roles.
  • Research Mozilla's mission and values, and be ready to explain how your skills and experience align with the company's goals.
  • Consider creating a portfolio or examples of your work in GRC, such as policies, procedures, or risk assessments, to demonstrate your expertise.
  • Don't underestimate the importance of soft skills, such as communication and stakeholder management, in this role - be prepared to provide examples of how you have successfully collaborated with others in the past.
  • When negotiating salary, consider the company's commitment to flexibility and work-life balance, and be prepared to discuss your expectations for remote work arrangements.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.