GRC Senior Analyst
Upwind Security · Greater Kolkata Area
- Hybrid
- Full-time
- $110,000 / year
- Greater Kolkata Area
Job highlights
- Support GRC strategy and framework enhancement.
- Ensure compliance with ISO 27001, SOC 2, NIST.
- Conduct risk assessments and control gap analyses.
- Track and validate remediation of findings.
- Collaborate cross-functionally to promote security.
About the role
About Upwind Security
Upwind is a next-generation Cloud Security Platform that leverages runtime context to identify and prioritize critical risks, providing precise insights and efficient cloud security management. Unlike traditional tools, Upwind uses runtime data proactively for risk prioritization and posture insights, ensuring teams focus on what truly matters. With industry-leading efficiency and eBPF-powered sensors, Upwind delivers comprehensive capabilities, including agentless cloud posture discovery, real-time threat protection, and integrated API security. From misconfigurations to malware defense, Upwind ensures end-to-end, cost-effective cloud infrastructure protection. At Upwind, you’ll have the opportunity to think creatively, explore new ideas, and use your skills to make a meaningful impact on our growth.
Job Overview
Upwind Security is seeking a highly motivated GRC (Governance, Risk, and Compliance) Analyst to join our growing Security & Compliance team. In this role, you will be responsible for supporting the implementation, operation, and continuous improvement of our GRC framework. You will help ensure our organization’s policies, procedures, and controls align with regulatory requirements and industry best practices.
Responsibilities
- Support the execution and enhancement of the organization’s GRC strategy, including policy governance, risk assessments, compliance monitoring, and audit support.
- Assist in maintaining compliance with security frameworks and standards such as ISO 27001, SOC 2, NIST, and GDPR.
- Conduct periodic risk assessments and control gap analyses across departments.
- Track remediation of audit findings, risks, and control deficiencies, and validate completion of corrective actions.
- Support third-party risk management activities including vendor due diligence and ongoing assessments.
- Help maintain the GRC tool and ensure timely updates of risk registers, controls, and evidence repositories.
- Collaborate cross-functionally with IT, Legal, Engineering, and other business units to promote a culture of security and compliance.
- Assist in the creation and maintenance of documentation such as policies, standards, and procedures.
- Prepare reports and dashboards for management review.
- Stay updated on emerging regulations, standards, and security trends.
Requirements
- Bachelor’s degree in Information Security, Risk Management, Computer Science, or a related field.
- 4-6 years of experience in GRC, cybersecurity, risk management, or a compliance-focused role.
- Familiarity with common regulatory and compliance frameworks (e.g., ISO 27001, SOC 2, HIPAA, PCI-DSS, NIST CSF).
- Experience working with GRC platforms such as Vanta, Drata, OneTrust, or similar tools is a plus.
- Excellent communication, documentation, and stakeholder engagement skills.
- Strong attention to detail and organizational skills.
- Relevant certifications (e.g., CISA, CISM, CRISC, ISO 27001 LA, or similar) are a plus.
Key skills/competency
- GRC
- Risk Management
- Compliance
- Cybersecurity
- ISO 27001
- SOC 2
- NIST
- GDPR
- Audit Support
- Policy Governance
Skills & topics
- GRC
- Governance
- Risk
- Compliance
- Analyst
- Security
- Cybersecurity
- ISO 27001
- SOC 2
- NIST
- GDPR
- Risk Management
- Compliance Monitoring
- Audit Support
How to get hired
- Tailor your resume: Highlight GRC experience, relevant frameworks (ISO 27001, SOC 2), and GRC platforms.
- Showcase compliance expertise: Emphasize your familiarity with NIST, GDPR, and other key regulations.
- Demonstrate communication skills: Provide examples of stakeholder engagement and cross-functional collaboration.
- Prepare for GRC questions: Be ready to discuss risk assessments, policy governance, and audit support.
- Highlight certifications: Mention any relevant GRC certifications like CISA, CISM, or CRISC.
Technical preparation
Behavioral questions
Frequently asked questions
- What are the key responsibilities for a GRC Senior Analyst at Upwind Security?
- As a GRC Senior Analyst at Upwind Security, you will be responsible for supporting the GRC strategy, including policy governance, risk assessments, compliance monitoring with frameworks like ISO 27001 and SOC 2, audit support, and tracking remediation of findings. You'll also collaborate with various departments to foster a security-aware culture.
- What specific compliance frameworks does Upwind Security adhere to?
- Upwind Security maintains compliance with several key security frameworks and standards, including ISO 27001, SOC 2, NIST, and GDPR. Familiarity with these and others like HIPAA and PCI-DSS is expected.
- What kind of GRC platforms has Upwind Security experience with?
- While experience with GRC platforms like Vanta, Drata, or OneTrust is a plus, Upwind Security utilizes GRC tools to manage risk registers, controls, and evidence repositories. Demonstrating your ability to work with similar platforms will be beneficial.
- What qualifications are essential for the GRC Senior Analyst role at Upwind Security?
- Essential qualifications include a Bachelor's degree in a related field, 4-6 years of experience in GRC or a similar compliance role, strong communication and organizational skills, and familiarity with common regulatory frameworks. Relevant certifications are a plus.
- How does Upwind Security leverage GRC for cloud security?
- Upwind Security uses its GRC framework to proactively identify and prioritize critical risks in cloud environments. By integrating runtime context and focusing on precise insights, they ensure efficient cloud security management and end-to-end protection against threats and misconfigurations.