GRC Analyst

Job Description: GRC Analyst

Location: New Delhi, India

Company: ThrivePass

Experience - 5+ years

About ThrivePass

At ThrivePass, we empower organizations to offer benefits that truly matter. Our platform supports employee wellbeing, compliance, and growth through innovative technology, data-driven insights, and exceptional user experiences. Our culture is rooted in our CARE values:

• Courageous – We embrace new challenges and bold ideas.
• Authentic – We value transparency and show up as our true selves.
• Resourceful – We find creative solutions and make things happen.
• Excellent – We take pride in our work and hold ourselves accountable.

About the Role

We are seeking a Senior Compliance Analyst to lead and maintain our adherence to global regulatory and industry standards, such as SOC 2 Type II ,ISO27001, GDPR, HIPAA, and CCPA. This role is crucial for supporting our audit-readiness, improving policy frameworks, and driving a company-wide culture of compliance. You'll work cross-functionally with internal teams and external auditors to ensure our systems and practices align with the latest compliance requirements.

Key Responsibilities

Regulatory Compliance & Audit Readiness

• Stay current with relevant regulations, including SOC 2, GDPR, HIPAA, and CCPA.
• Conduct regular gap assessments, develop remediation plans, and ensure ongoing compliance.
• Prepare documentation and coordinate with third-party auditors and assessors.
• Creating, reviewing, and updating internal policies, standards, and procedures to align with regulatory requirements and best practices.
• Manage compliance automation tools such as Vanta AI and complete vendor risk questionnaires.
• Evaluating the security posture and compliance of vendors and other third parties to minimize supply chain risks.

Business Continuity & Risk Management

• Lead and document Business Continuity and Disaster Recovery (BCDR) testing.
• Support internal risk assessments and vendor management programs.
• Work with stakeholders to address gaps and exposures caused due to risks.
• Conducting risk assessments to identify, analyze, and evaluate potential threats to the organization's assets, operations, and reputation. This includes developing and implementing risk mitigation strategies and maintaining a risk register.

Training & Enablement

• Promote a culture of compliance across the organization.
• Facilitate internal security awareness and compliance training programs.
• Act as a resource to teams on compliance-related matters without stalling innovation.

Program Oversight & Metrics

• Define and track KPIs to measure compliance program effectiveness.
• Drive continuous improvements and ensure compliance is embedded in business processes.
• Support legal, IT, and product teams in evaluating data protection requirements.
• Preparing and presenting reports to management and stakeholders on the organization's risk and compliance posture.

Requirements

Must-Have:

• Proven experience in a compliance, risk, or audit function.
• Strong knowledge of SOC 2, GDPR, HIPAA, CCPA, and vendor management.
• Familiarity with compliance tools like Vanta.
• Excellent communication and documentation skills.
• Experience working with cross-functional teams.
• Skilled in drafting and managing policies and procedures.

Nice-to-Have:

• Experience with security awareness platforms (e.g., KnowBe4).
• Familiarity with ITSM systems like Freshservice.
• Knowledge of AI/automation in compliance workflows.
• Relevant certifications: CISA, CRISC, or equivalent.

Why Join ThrivePass?

• Work in a fast-paced, mission-driven company with a meaningful product.
• Learn and grow through exposure to emerging tools and technologies.
• Be part of an inclusive, value-driven culture that prioritizes trust and impact.