Senior Staff Analyst, GRC

About the Role

The role requires collaboration with various teams, including Legal, IT, Finance, and Security, to deliver a cohesive integrated risk management framework. This is a unique opportunity to work with a non-profit-backed technology company that is shaping the next 25 years of the internet.

Mozilla Corporation is the non-profit-backed technology company behind pioneering brands like Firefox, the privacy-minded web browser. With more than 225 million people using Mozilla's products each month, the company is focused on diverse areas, including AI, social media, security, and more, all while maintaining its core mission to make the internet better for people.

What You Will Do

• Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives.
• Lead the creation and enforcement of standards, policies, controls, audits, and reporting across various enterprise and product verticals.
• Develop and operationalize a risk assessment and management framework to enable prioritization and remediation of critical issues.
• Define and deliver measurable scorecards and metrics to enable data-driven decision making.
• Ensure compliance with various regulatory standards and frameworks, such as ISO, NIST, SOC2, CCPA, GDPR, etc.
• Lead internal and external audit activities, including tracking and resolving deficiencies and remediations.
• Partner closely with Legal, IT, Finance, and Security to align on the GRC program and deliver a cohesive integrated risk management framework.
• Define requirements and reporting (scorecards) of data life cycle management across enterprise and product domains, working with the data platform and legal team.

What We Are Looking For

• 10+ years of progressive experience in developing and delivering an integrated GRC framework.
• Strong understanding and deep knowledge of regulatory frameworks, processes, and tools related to building a robust GRC framework.
• Experience leading and delivering cross-functional stakeholder engagement.
• Ability to develop and maintain a comprehensive GRC strategy and roadmap.
• Strong leadership and collaboration skills.
• Experience with risk assessment and management frameworks.
• Knowledge of data life cycle management principles.

Nice to Have

• Certification in information security or a related field.
• Experience with open-source software development.
• Knowledge of AI, social media, and security technologies.
• Experience working in a non-profit or technology company.

Benefits and Perks

• Opportunity to work with a pioneering brand that is shaping the internet for the better.
• Collaborative and dynamic work environment.
• Professional development opportunities.
• Flexible working hours and remote work options.
• Access to the latest technologies and tools.
• Competitive compensation and benefits package.

• Ensure your resume highlights your experience in developing and implementing GRC frameworks, as well as your knowledge of regulatory compliance and risk governance.
• Be prepared to discuss your approach to cross-functional stakeholder engagement and leadership in a remote work setting.
• Familiarize yourself with Mozilla's products and mission to demonstrate your passion for the company's goals.
• Develop a portfolio that showcases your skills in risk assessment, compliance, and data life cycle management.
• Practice discussing your experience with open-source software development and information security principles.
• Research the current market standards for GRC analysts to negotiate your salary effectively.