Senior Staff Analyst, GRC

Mozilla · Remote (Remote Germany)
Data & Analytics

WFA Digital Insight

As the demand for skilled GRC professionals continues to grow, with a 25% increase in job openings in the past year, Mozilla's Senior Staff Analyst, GRC role stands out in the current remote job market. This position requires a deep understanding of regulatory frameworks and risk management, skills that are highly sought after in the industry. With Mozilla's commitment to building a safe and secure internet, this role offers a unique opportunity to make a meaningful impact. Before applying, candidates should be prepared to demonstrate their expertise in GRC and their ability to collaborate with cross-functional teams.

Job Description

About the Role

The Senior Staff Analyst, GRC role is part of the Security Function within the broader Mozilla Infrastructure team. This team supports Product, Enterprise, and GRC functions across the organization, aligning with the mission to build a safe and secure internet. As a Senior Staff Analyst, GRC, you will be responsible for defining, developing, and implementing a Governance, Risk, and Compliance framework for both Enterprise and Product verticals.

The ideal candidate will be a collaborative leader with deep domain expertise in information security, regulatory compliance, risk governance, and cross-functional stakeholder engagement. You will work closely with various teams, including Legal, IT, Finance, and Security, to align on the GRC program and deliver a cohesive integrated risk management framework.

Mozilla Corporation is a non-profit-backed technology company that has shaped the internet for the better over the last 25 years. With a focus on diverse areas, including AI, social media, security, and more, Mozilla is committed to making the internet better for people.

What You Will Do

  • Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives
  • Lead the creation and enforcement of standards, policies, controls, audits, and reporting across various enterprise and product verticals
  • Develop and operationalize a risk assessment and management framework on a periodic basis to enable prioritization and remediation of critical issues
  • Define and deliver measurable scorecards and metrics to enable data-driven decision making
  • Ensure compliance with various regulatory standards and frameworks, such as ISO, NIST, SOC2, CCPA, and GDPR
  • Lead internal and external audit activities, including tracking and resolving deficiencies and remediations
  • Partner closely with Legal, IT, Finance, and Security to align on the GRC program and deliver a cohesive integrated risk management framework
  • Define requirements and reporting for data life cycle management across enterprise and product domains, working with the data platform and legal teams
  • Develop and maintain a comprehensive understanding of regulatory requirements and industry best practices
  • Collaborate with cross-functional teams to identify and mitigate risks

What We Are Looking For

  • 10+ years of progressive experience in developing and delivering an integrated GRC framework
  • Strong understanding and deep knowledge of regulatory frameworks, processes, and tools related to building a robust GRC framework
  • Experience leading and delivering cross-functional projects and programs
  • Excellent communication and collaboration skills
  • Ability to work in a fast-paced environment and adapt to changing priorities
  • Strong analytical and problem-solving skills
  • Experience with risk management and compliance frameworks
  • Knowledge of information security and data privacy regulations

Nice to Have

  • Experience with cloud-based technologies and cloud security
  • Familiarity with agile development methodologies
  • Knowledge of data analytics and visualization tools
  • Experience with audit and compliance tools
  • Certification in GRC, such as CISA or CRISC

Benefits and Perks

  • Competitive salary and benefits package
  • Opportunity to work with a talented and passionate team
  • Flexible working hours and remote work options
  • Professional development and growth opportunities
  • Access to cutting-edge technologies and tools
  • Comprehensive health insurance and wellness programs
  • Generous parental leave and family benefits
  • Employee stock purchase plan and equity incentives

How to Stand Out

  • Review Mozilla's mission and values to understand the company culture and expectations
  • Emphasize your experience in developing and implementing GRC frameworks, and highlight your ability to collaborate with cross-functional teams
  • Be prepared to provide specific examples of your experience with risk management and compliance frameworks
  • Familiarize yourself with regulatory requirements and industry best practices, such as ISO, NIST, and SOC2
  • Prepare to discuss your analytical and problem-solving skills, and how you have applied them in previous roles
  • Research the company's products and services, and be prepared to discuss how you can contribute to the organization's goals

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.