Grc Analyst

Job Description: GRC Analyst Location: New Delhi, India Company: Thrive Pass Experience - 5+ years About Thrive Pass At Thrive Pass, we empower organizations to offer benefits that truly matter.

Our platform supports employee wellbeing, compliance, and growth through innovative technology, data-driven insights, and exceptional user experiences.

Our culture is rooted in our CARE values: Courageous – We embrace new challenges and bold ideas.

Authentic – We value transparency and show up as our true selves.

Resourceful – We find creative solutions and make things happen.

Excellent – We take pride in our work and hold ourselves accountable.

About the Role We are seeking a Senior Compliance Analyst to lead and maintain our adherence to global regulatory and industry standards, such as SOC 2 Type II , ISO27001, GDPR, HIPAA, and CCPA.

This role is crucial for supporting our audit-readiness, improving policy frameworks, and driving a company-wide culture of compliance.

You'll work cross-functionally with internal teams and external auditors to ensure our systems and practices align with the latest compliance requirements.

Key Responsibilities Regulatory Compliance & Audit Readiness Stay current with relevant regulations, including SOC 2, GDPR, HIPAA, and CCPA.

Conduct regular gap assessments, develop remediation plans, and ensure ongoing compliance.

Prepare documentation and coordinate with third-party auditors and assessors.

Creating, reviewing, and updating internal policies, standards, and procedures to align with regulatory requirements and best practices.

Manage compliance automation tools such as Vanta AI and complete vendor risk questionnaires.

Evaluating the security posture and compliance of vendors and other third parties to minimize supply chain risks.

Business Continuity & Risk Management Lead and document Business Continuity and Disaster Recovery (BCDR) testing.

Support internal risk assessments and vendor management programs.

Work with stakeholders to address gaps and exposures caused due to risks.

Conducting risk assessments to identify, analyze, and evaluate potential threats to the organization's assets, operations, and reputation.

This includes developing and implementing risk mitigation strategies and maintaining a risk register.

Training & Enablement Promote a culture of compliance across the organization.

Facilitate internal security awareness and compliance training programs.

Act as a resource to teams on compliance-related matters without stalling innovation.

Program Oversight & Metrics Define and track KPIs to measure compliance program effectiveness.

Drive continuous improvements and ensure compliance is embedded in business processes.

Support legal, IT, and product teams in evaluating data protection requirements.

Preparing and presenting reports to management and stakeholders on the organization's risk and compliance posture.

Requirements Must-Have: Proven experience in a compliance, risk, or audit function.

Strong knowledge of SOC 2, GDPR, HIPAA, CCPA, and vendor management.

Familiarity with compliance tools like Vanta.

Excellent communication and documentation skills.

Experience working with cross-functional teams.

Skilled in drafting and managing policies and procedures.

Nice-to-Have: Experience with security awareness platforms (e.g., Know Be4).

Familiarity with ITSM systems like Freshservice.

Knowledge of AI/automation in compliance workflows.

Relevant certifications: CISA, CRISC, or equivalent.

Why Join Thrive Pass?Work in a fast-paced, mission-driven company with a meaningful product.

Learn and grow through exposure to emerging tools and technologies.

Be part of an inclusive, value-driven culture that prioritizes trust and impact.

---