Governance, Risk, and Compliance (GRC) Senior Analyst

About Fulcrum
We operate at the intersection of technology and law, in an industry that demands agility and innovation. Our team is dedicated to developing advanced solutions for legal professionals. Our daily work involves tackling intricate challenges, providing reliable, efficient, and smart solutions for legal experts across the globe. Join us in reshaping the legal landscape with groundbreaking technology.
About the Role
We are seeking an experienced Governance, Risk, and Compliance (GRC) Senior Analyst to join our InfoSec team. This role will be instrumental in maintaining and enhancing our organization's compliance posture across multiple regulatory frameworks and industry standards. The ideal candidate will have deep expertise in compliance management, risk assessment, and audit coordination, with a proven track record of successfully managing complex compliance programs.
Key Responsibilities
Compliance Program Management

• Lead continuous compliance and operating effectiveness across SOC 1, SOC 2, ISO/IEC 27001, ISO/IEC 42001, and CSA Star Level 2 certification programs.

• Prepare policy, procedures, and control design updates to ensure ongoing compliance with applicable standards and frameworks.

• Monitor regulatory changes and emerging compliance requirements, assessing impact and recommending necessary updates to Fulcrum's policies and control activities.

Risk Management

• Conduct risk assessments to identify, analyze, and prioritize organizational risks.

• Develop and maintain risk registers and oversee progress on risk treatment plans.

• Collaborate with business units to ensure risk management practices and control activities are integrated into operational processes.

• Track and report on key risk indicators (KRIs) and compliance metrics.

Control Framework Development

• Ensure that the design of control activities is documented accurately and recommend ongoing improvements to Fulcrum's control catalog.

• Obtain, assess, and maintain control activity evidence for audit readiness.

• Support remediation efforts for identified control gaps and deficiencies.

Audit and Assessment Coordination

• Prepare audit documentation and corrective action plans as necessary.

• Track remediation activities and ensure timely closure of audit findings.

Stakeholder Collaboration

• Partner with cross-functional teams including IT, Legal, and Business Development to advance compliance initiatives

• Provide guidance to Fulcrum GT staff on compliance requirements and best practices.

• Communicate compliance status, risks, and recommendations to senior leadership.

• Serve as a subject matter expert on GRC matters across the organization

Required Qualifications
Education

• Bachelor's degree in Information Security, Computer Science, Business Administration, Risk Management, or a related field.

Experience

• Minimum 3-5 years of experience in governance, risk, and compliance roles.

• Demonstrated experience managing multiple compliance frameworks simultaneously.

• Proven track record of successfully leading audit readiness and certification efforts.

• Experience working with external auditors and certification bodies.

Technical Knowledge

• Strong understanding of information security principles, practices, and technologies.

• In-depth knowledge of risk management methodologies and frameworks (e.g., NIST CSF, COBIT).

• Familiarity with GRC tools and platforms (experience with Vanta a plus).

• Understanding of cloud security and international privacy considerations.

Preferred Experience and Certifications
Professional Certifications (One or more of the following)

• Certified Information Systems Auditor (CISA)

• Certified in Risk and Information Systems Control (CRISC)

• Certified Information Systems Security Professional (CISSP)

• Certified in Governance of Enterprise IT (CGEIT)

Benefits

• Competitive Health, Dental and Vision Insurance
• Pet Insurance
• 401k
• Flexible schedule
• Paid Holidays plus Paid Time Off

Job Type

• Full-time

Language

• English (Required)