Demandbase

Sr Analyst, Governance Risk and Compliance

Demandbase · India

  • Hybrid
  • Full-time
  • $100,000 / year
  • India

Job highlights

  • Advance Demandbase's global GRC program.
  • Execute audits, assess risk, and manage compliance.
  • Apply ISO, SOC 2, and NIST frameworks.
  • Collaborate with engineering, product, and business teams.
  • Remote role with flexible U.S. hours.

About the role

As a Senior GRC Analyst, you will play a key role in advancing Demandbase’s global Governance, Risk, and Compliance (GRC) program. This role requires a balance of hands-on execution and independent judgment, ensuring that compliance requirements are not only met, but translated into meaningful risk management outcomes. Reporting to the Senior Director of GRC, you will work cross-functionally to drive audit readiness, assess risk, and strengthen the company’s security and compliance posture. You will be expected to operate with a high degree of independence, taking ownership of work from initial assessment through final validation and closure. This is an opportunity to contribute directly to a growing global security program and build deep expertise across governance, risk, compliance, and emerging domains such as AI assurance.

This is a fully remote position based in India. Some flexibility is required for calls during U.S. business hours each week. Candidates should be able to accommodate 2–3 late evening calls per week (IST), typically between 6:30–10:00pm IST.

Roles & Responsibilities

Execution & Ownership
  • Independently execute audit and compliance activities, including walkthroughs, control testing, and evidence review.
  • Drive audit findings and remediation efforts through to completion, ensuring issues are fully validated and appropriately closed.
  • Take ownership of deliverables and ensure they are complete, accurate, and ready for use without rework.
  • Identify gaps during execution and proactively drive resolution or escalate where needed.

Risk Analysis & Decision Support
  • Analyze risk and compliance data to identify trends, gaps, and areas of concern.
  • Translate findings into clear, prioritized actions that can inform business decisions.
  • Move beyond reporting to ensure outputs are actionable and tied directly to risk outcomes.
  • Provide input into risk posture and help guide where attention and resources should be focused.

Framework Application & Practical Implementation
  • Apply working knowledge of frameworks such as ISO 27001, ISO 27701, ISO 42001, SOC 2, and NIST to real-world scenarios.
  • Translate control requirements into practical implementation steps for technical and business teams.
  • Ensure controls are not only documented, but operationally effective and aligned to risk.

Policy & Documentation Management
  • Maintain and update policies and documentation with a focus on accuracy, clarity, and usability.
  • Perform end-to-end validation of documentation, including verifying links, references, and consistency.
  • Identify and clearly communicate gaps in documentation, even when ownership resides with another team.
  • Ensure documentation reflects current state and supports audit and compliance needs.

Cross-Functional Collaboration
  • Work with engineering, product, and business teams to drive compliance outcomes.
  • Communicate clearly with both technical and non-technical stakeholders.
  • Navigate ambiguity and move work forward by identifying next steps and removing blockers.
  • Balance collaboration with ownership of outcomes, not just coordination.

Qualifications

  • 4–8+ years of experience in Governance, Risk, Compliance, Security, or Audit roles.
  • Strong working knowledge of ISO, SOC 2, and/or NIST frameworks.
  • Experience supporting or executing audit and compliance activities.
  • Ability to evaluate evidence and determine whether it adequately addresses risk.
  • Strong analytical skills with the ability to move from data to insight to action.
  • Clear and confident communication skills across global teams.
  • Candidates should demonstrate prior experience independently owning and driving audit, risk, or compliance work to completion, including validating deliverables and determining next steps without relying on continuous direction.
  • Bachelor’s or Master’s degree in Computer Science, Information Systems, Information Security, or a related field.

Preferred Qualifications

  • Experience in a SaaS or technology company.
  • Experience with GRC tools (Hyperproof, Vanta, MetricStream, etc.).
  • Exposure to AI governance, third-party risk, or security reviews.
  • Relevant certifications such as CISA, CISM, CRISC, ISO 27001 Lead Auditor/Implementer, or equivalent are preferred, but not required.

Key skills/competency

  • Governance, Risk, and Compliance (GRC)
  • Audit Readiness
  • Risk Assessment
  • Security Compliance
  • ISO 27001
  • SOC 2
  • NIST Frameworks
  • Policy Management
  • Cross-Functional Collaboration
  • AI Governance

Skills & topics

  • Governance
  • Risk
  • Compliance
  • GRC Analyst
  • Security
  • Audit
  • ISO 27001
  • SOC 2
  • NIST
  • Remote
  • India

How to get hired

  • Tailor your resume: Highlight your 4-8+ years in GRC, security, or audit roles, emphasizing experience with ISO, SOC 2, and NIST frameworks.
  • Showcase independent ownership: Provide examples of independently driving audit, risk, or compliance projects to completion.
  • Quantify your impact: Use data to demonstrate your analytical skills and ability to translate findings into actionable business decisions.
  • Prepare for remote collaboration: Be ready to discuss your experience communicating with global technical and non-technical teams, and managing tasks across different time zones.

Technical preparation

  • Master the ISO 27001, SOC 2, and NIST frameworks thoroughly.
  • Practice control testing and evidence review techniques.
  • Familiarize yourself with GRC tools like Vanta or Hyperproof.
  • Understand AI governance and third-party risk concepts.

Behavioral questions

  • Describe a time you independently drove a GRC initiative.
  • How do you handle conflicting priorities in risk management?
  • Explain a complex compliance issue to a non-technical audience.
  • How do you ensure documentation is accurate and usable?

Frequently asked questions

What are the key responsibilities for a Senior Analyst, Governance Risk and Compliance at Demandbase?
As a Senior Analyst, Governance Risk and Compliance at Demandbase, you will focus on advancing the company's global GRC program. This involves executing audits, assessing risks, ensuring compliance with frameworks like ISO 27001 and SOC 2, managing policies, and collaborating with various teams to strengthen the overall security and compliance posture. You will independently own and drive GRC initiatives from assessment to closure.

What GRC frameworks are important for this role at Demandbase?
Demandbase values strong working knowledge of frameworks such as ISO 27001, ISO 27701, ISO 42001, SOC 2, and NIST. Familiarity with these frameworks is crucial for applying them to real-world scenarios, translating control requirements, and ensuring operational effectiveness and risk alignment.

Is this a remote position and what are the location requirements for the Senior Analyst, GRC role?
Yes, this is a fully remote position. Candidates should be based in India. While remote, some flexibility is required to accommodate 2-3 late evening calls per week to overlap with U.S. business hours, typically between 6:30 PM and 10:00 PM IST.

What experience level is expected for the Senior Analyst, Governance Risk and Compliance position?
Demandbase is looking for candidates with 4-8+ years of experience in Governance, Risk, Compliance, Security, or Audit roles. Prior experience in independently owning and driving GRC work, including validating deliverables and determining next steps, is highly valued.

What are the preferred qualifications for the Senior Analyst, GRC role at Demandbase?
Preferred qualifications include experience in a SaaS or technology company, familiarity with GRC tools like Hyperproof or Vanta, and exposure to AI governance or third-party risk assessments. Relevant certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Auditor are also beneficial but not mandatory.

How does Demandbase approach Diversity, Equity, and Inclusion for the Senior Analyst, GRC role?
Demandbase is committed to fostering a diverse and inclusive workplace where everyone feels valued and respected. They encourage applications from individuals with diverse backgrounds and experiences, and they do not automatically disqualify candidates based on criminal records, considering each case individually. They emphasize that not all candidates may meet every qualification, and encourage those with the relevant experience to apply.