Senior GRC Analyst: Audit, Policy & Automation; Remote

Position: Senior GRC Analyst: Audit, Policy & Automation (Remote) Location: Boston/Marlborough Hybrid (3 days) or Remote US Role Overview Nasuni is seeking a Senior GRC Analyst to strengthen and scale our governance, risk, and compliance programs across a fast-growing, AI-ready SaaS platform. This role owns critical audit, risk, and policy initiatives that directly impact customer trust, regulatory posture, and business scalability. You’ll operate at the intersection of security, engineering, legal, and operations—ensuring our controls are effective, auditable, and continuously improving. This role is ideal for someone who has led audit and risk programs end-to-end, not just supported them, and who is motivated to modernize GRC through automation and intelligent tooling. Level & Scope Definition

• Owns execution and continuous improvement of core GRC programs
• Operates independently across multiple compliance frameworks
• Influences cross-functional stakeholders without direct authority
• Balances execution (audits, controls) with program optimization
• Contributes to scalable, automation-driven GRC operations

Responsibilities

Audit & Compliance

• Lead SOC 1, SOC 2, ISO 27001 audits end-to-end (planning - evidence - remediation)
• Partner with auditors and internal teams to ensure timely, accurate audit delivery
• Track and drive remediation of control gaps with accountable owners

Policy & Governance

• Own lifecycle of security policies, standards, and control documentation
• Align policies to evolving regulatory and business requirements
• Facilitate cross-functional policy reviews and approvals

Enterprise Risk Management

• Conduct enterprise risk assessments and maintain risk register
• Partner with business leaders to prioritize and mitigate risk
• Deliver risk insights and reporting to leadership for decision-making

Third-Party Risk Management

• Own vendor risk assessments, onboarding, and periodic reviews
• Build scalable due diligence and monitoring processes

Partner with procurement and legal on vendor risk decisions Security Awareness

• Lead security awareness and training programs (phishing, compliance training)
• Measure effectiveness and continuously improve engagement

GRC Operations & AI Enablement

• Manage GRC platforms (e.g., Vanta, Drata, One Trust)
• Identify and implement automation opportunities in evidence collection, risk tracking, and reporting
• Leverage AI tools to improve control monitoring, audit readiness, and workflow efficiency

Qualifications

Must-Have

• 5-9 years in GRC, security compliance, or risk within SaaS/cloud environments
• Direct ownership of SOC 2 and/or ISO 27001 audits
• Experience managing control frameworks and audit evidence lifecycle
• Strong understanding of risk assessment methodologies
• Proven ability to drive remediation across cross-functional teams

Preferred

• Experience with third-party risk programs
• Familiarity with GRC tools (Vanta, Drata, Logic Gate, One Trust)
• Experience in high-growth SaaS or PE-backed environments

Ideal

• Certifications:

CISA, CISM, CISSP, CRISC, ISO 27001 Lead

• Experience scaling GRC programs or implementing automation
• Exposure to HIPAA, GDPR, or NIST frameworks

Experience Guidelines

• 5-9 years total experience
• 2+ years directly owning audits or compliance programs
• Experience operating in environments with multiple concurrent audits

About Nasuni & Why Work Here Nasuni is the unstructured data foundation for enterprise teams—and the AI that supports them. As a Vista-backed SaaS data infrastructure company, we help organizations manage, protect, and activate massive volumes of file data—transforming it into secure, AI-ready assets for innovation and growth. Our unified File Data Platform eliminates infrastructure silos and enables global collaboration, resilience, and intelligent automation Nasuni, you’ll work at the intersection of cloud, security, and AI—solving complex challenges alongside a team that values ownership, innovation, and impact. Whether based remotely or in our Boston-area offices, you’ll contribute to a platform trusted by enterprises worldwide while growing your expertise in modern, AI-enabled data infrastructure. Why work at Nasuni?

Benefits

• Best in class employee onboarding and training
• Take What You Need paid time off policy
• Comprehensive health, dental and vision…