Senior GRC Analyst

Job Description

Introduction To Demandbase

Demandbase is the Smarter GTM company for B2B brands. We help marketing and sales teams overcome the disruptive data and technology fragmentation that inhibits insight and forces them to spam their prospects. We do this by injecting Account Intelligence into every step of the buyer journey, wherever our clients interact with customers, and by helping them orchestrate every action across systems and channels - through advertising, account-based experience, and sales motions. The result You spot opportunities earlier, engage with them more intelligently, and close deals faster.

As a company, we're as committed to growing careers as we are to building world-class technology. We invest heavily in people, our culture, and the community around us. We have offices in the San Francisco Bay Area, New York, Seattle, and teams in the UK and India, and allow employees to work remotely. We have also beencontinuously recognized as one of the best places to work in the San Francisco Bay Area.

We're committed to attracting, developing, retaining, and promoting a diverse workforce. By ensuring that every Demandbase employee is able to bring a diversity of talents to work, we're increasingly capable of living out our mission to transform how B2B goes to market. We encourage people from historically underrepresented backgrounds and all walks of life to apply.

About The Role

Demandbase is seeking a motivated and detail-oriented Senior GRC Analyst to support its global Governance, Risk, and Compliance program. Reporting to the Senior Director of GRC, you'll collaborate cross-functionally to help strengthen our compliance framework, support audits, perform risk assessments, track remediation efforts, and ensure alignment with key standards like ISO 27001, ISO 42001, ISO 27701, and SOC 2. This role offers the opportunity to work on global compliance initiatives and drive compliance and risk maturity across the business.

What You'll Be Doing

- Execute walkthroughs and tests of operating effectiveness over controls in Demandbase, IT applications, and infrastructure, in support of internal and external security audits.
- Review and help mitigate internal and external risk.
- Assist in IT audits and report on findings, track status, and ensure corrective actions are complete, sustainable and documented.
- Improve our security and privacy culture through promoting education and awareness across the organization.
- Review and improve the data life cycle (data inventory, governance, retention).
- Review and edit customer- and public-facing communications about privacy and security programs.
- Assist in operationalizing Business Continuity, Disaster Recovery, and Incident Response exercises
- Assist in AI Governance, Third Party Risk, and Security Reviews

What We're Looking For

- Demonstrated ability of 5+ years in Information Security, GRC, ERM, compliance, audit, internal controls, AI governance, or other security related areas. (Experience in cloud-based tech company is preferred)
- Understanding of general IT and cloud security controls, such as Information Security, Business Continuity, Disaster Recovery, Third Party Risk /Vendor Management, Software Development, Hardware and Software.
- Familiarity with global industry frameworks like ISO 27001, ISO 27701, SOC 2, ISO 42001, NIST CSF, NIST 800-53, and RMF.
- Detail oriented with excellent verbal and written communication skills.
- Ability to work with both business and technical areas and translate requirements between the two areas to address control deficiencies.
- Excellent interpersonal and organizational skills with an ability to coordinate with internal stakeholders and external auditors.
- Familiarity with managing GRC tools (e.g. Metricstream, Hyperproof, Vanta) and dashboards to monitor compliance posture
- Ability to adapt in a dynamic environment and manage multiple priorities effectively; Flexibility is essential and startup experience is a plus.
- Experience in project management including managing complex projects at an enterprise level
- Self-motivated and responsible individual who will represent the company with the highest level of integrity and professionalism.
- BS or MS in Computer Science, Information Systems, Engineering, or Similar.
- Bonus: Certifications such as CISSP, CRISC, CISA, CIPP are highly desirable, but not required.

Our Commitment to Diversity, Equity, and Inclusion at Demandbase

At Demandbase, we believe in creating a workplace culture that values and celebrates diversity in all its forms. We recognize that everyone brings unique experiences, perspectives, and identities to the table, and we are committed to building a community where everyone feels valued, respected, and supported. Discrimination of any kind is not tolerated, and we strive to ensure that every individual has an equal opportunity to succeed and grow, regardless of their gender identity, sexual orientation, disability, race, ethnicity, background, marital status, genetic information, education level, veteran status, national origin, or any other protected status. We do not automatically disqualify applicants with criminal records and will consider each applicant on a case-by-case basis.

We recognize that not all candidates will have every skill or qualification listed in this job description. If you feel you have the level of experience to be successful in the role, we encourage you to apply

Personal information that you submit will be used by Demandbase for recruiting and other business purposes. Our Privacy Policy explains how we collect and use personal information.

Personal information that you submit will be used by Demandbase for recruiting and other business purposes. Our Privacy Policy explains how we collect and use personal information.