Senior Staff Analyst, GRC

About the Role

The Security team at Mozilla is dedicated to building a safe and secure internet. As a Senior Staff Analyst, GRC, you will play a key role in ensuring the company's compliance with various regulatory standards and frameworks. This includes leading internal and external audit activities, tracking and resolving deficiencies, and partnering closely with Legal, IT, Finance, and Security teams to align on the GRC program.

What You Will Do

• Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives.
• Lead the creation and enforcement of standards, policies, controls, audits, and reporting across various enterprise and product verticals.
• Define and deliver measurable scorecards and metrics to enable data-driven decision-making.
• Develop and operationalize a risk assessment and management framework on a periodic basis to enable prioritization and remediation of critical issues.
• Ensure compliance with regulatory standards and frameworks such as ISO, NIST, SOC2, CCPA, and GDPR.
• Lead internal and external audit activities, including tracking and resolving deficiencies and remediations.
• Partner closely with Legal, IT, Finance, and Security teams to align on the GRC program and deliver a cohesive integrated risk management framework.
• Define requirements and reporting (scorecards) of data life cycle management across enterprise and product domains, working with the data platform and legal teams.
• Collaborate with cross-functional teams to implement and maintain the GRC framework.

What We Are Looking For

• 10+ years of progressive experience in developing and delivering an integrated GRC framework.
• Strong understanding and deep knowledge of regulatory frameworks, processes, and tools related to building a robust GRC framework.
• Experience leading and delivering cross-functional projects and stakeholder engagement.
• Proven track record of developing and implementing compliance programs and risk management frameworks.
• Excellent communication, collaboration, and project management skills.
• Ability to work in a fast-paced, dynamic environment and adapt to changing priorities.
• Strong analytical and problem-solving skills, with the ability to analyze complex data and provide actionable insights.

Nice to Have

• Experience with agile development methodologies and version control systems.
• Knowledge of cloud-based technologies and DevOps practices.
• Certification in GRC, such as CISA, CISM, or CRISC.
• Experience working in a non-profit or open-source environment.

Benefits and Perks

• Competitive salary and benefits package.
• Opportunity to work with a pioneering brand in the technology industry.
• Collaborative and dynamic work environment with a team of experienced professionals.
• Flexible working hours and remote work options.
• Professional development opportunities, including training and conference attendance.
• Access to the latest technologies and tools.
• A culture that values diversity, equity, and inclusion.

• Ensure your resume and cover letter are tailored to the GRC role, highlighting your experience with regulatory frameworks and compliance programs.
• Develop a strong understanding of Mozilla's products and mission, and be prepared to explain how your skills align with the company's goals.
• Prepare examples of your experience with cross-functional stakeholder engagement and project management.
• Familiarize yourself with industry-standard tools and technologies, such as GRC software and risk management frameworks.
• Be prepared to discuss your approach to data-driven decision-making and how you have applied metrics and scorecards in previous roles.
• Consider obtaining or highlighting relevant certifications, such as CISA or CISM, to demonstrate your expertise in GRC.