Information Security GRC Analyst

The Information Security GRC Analyst at OneTrust plays a pivotal role in maintaining and enhancing customer trust by addressing security, privacy, and compliance inquiries. This position involves close collaboration with teams across Information Security, GRC, Legal, Privacy, Sales, and Customer Success to efficiently manage customer due diligence requests, ensuring responses are accurate, consistent, and aligned with the company's security posture and contractual commitments.

Key responsibilities include responding to customer security questionnaires and due diligence requests promptly and accurately, providing necessary security documentation and artifacts, and serving as the primary contact for customer-facing security and compliance inquiries during sales cycles and renewals. The role also entails partnering with various internal teams to support customer assurance needs, coordinating with control owners to validate responses, and maintaining a centralized repository of approved questionnaire responses and security artifacts.

Candidates should possess 2–4 years of experience in Information Security, GRC, Customer Assurance, Risk Management, or Compliance. Hands-on experience with customer security questionnaires and audit requests is essential, along with familiarity with security frameworks and standards such as SOC 2, ISO 27001, NIST, PCI DSS, and HIPAA. Strong written communication skills, the ability to manage multiple requests in a fast-paced environment, and experience in a SaaS or cloud-based environment are also required.

OneTrust offers a comprehensive benefits package, including healthcare coverage, flexible PTO, equity RSUs, annual performance bonuses, retirement account support, and paid parental leave. The company embraces an office-first culture, encouraging three days a week in the office for most roles, with meaningful opportunities for in-person collaboration and celebration.

Joining OneTrust means becoming part of a diverse and inclusive team dedicated to meaningful work. The company is committed to employee growth, offering career development opportunities and support for professional certifications. OneTrust's mission to enable innovation through responsible data and AI use provides a dynamic environment for professionals passionate about data security and compliance.