Senior Staff Analyst, GRC

Remote US
$2K - $3K Annual
Posted 6 months ago
Expires June 17, 2026
Full Time, Remote, Compliance, Operations

The Senior Staff Analyst, GRC role at Mozilla is part of the Security Function within the broader Mozilla Infrastructure team. The Security team supports Product, Enterprise, and GRC functions across the organization, aligned with the mission to build a safe and secure internet. This position is responsible for defining, developing, and implementing a Governance, Risk, and Compliance framework for both Enterprise and Product verticals. The ideal candidate will deliver an integrated framework that aligns security, privacy, regulatory, and risk management initiatives across the organization.

Key responsibilities include developing and maintaining a comprehensive GRC strategy and roadmap aligned with business objectives. The role involves leading the creation and enforcement of standards, policies, controls, audits, and reporting across various enterprise and product verticals. Additionally, the analyst will develop and operationalize a risk assessment and management framework to prioritize and remediate critical issues, define and deliver measurable scorecards and metrics for data-driven decision-making, and ensure compliance with various regulatory standards and frameworks such as ISO, NIST, SOC2, CCPA, and GDPR. The position also requires leading internal and external audit activities, including tracking and resolving deficiencies and remediations, and partnering closely with Legal, IT, Finance, and Security teams to align on the GRC program and deliver a cohesive integrated risk management framework.

The ideal candidate will have over 10 years of progressive experience in developing and delivering an integrated GRC framework. A strong understanding and deep knowledge of regulatory frameworks, processes, and tools related to building a robust GRC framework are essential. Experience leading and delivering cross-functional requirements for product and enterprise teams to implement controls and measures to meet compliance requirements is required. Relevant industry certifications such as CISA, CISSP, CISM, or CRISC are preferred. Hands-on understanding of using various technologies and tools, including SIEM and BI tools, is beneficial. The candidate should possess strong critical thinking skills with the ability to drive long-term organizational impact, demonstrate a bias for action, and have the ability to navigate constraints to achieve business outcomes. Collaboration and influence over a diverse group of stakeholders to address cross-functional challenges and lead change are also important.

Mozilla offers generous performance-based bonus plans to all eligible employees, rich medical, dental, and vision coverage, and generous retirement contributions with 100% immediate vesting. Additional benefits include quarterly all-company wellness days, country-specific holidays plus a day off for your birthday, a one-time home office stipend, an annual professional development budget, a quarterly well-being stipend, considerable paid parental leave, and an employee referral bonus program. Other benefits such as life/AD&D, disability, and EAP vary by country.

Working at Mozilla provides an opportunity to make a difference in the lives of web users everywhere. Employees contribute to the web as a platform and help create more opportunities and innovation for everyone online. Mozilla prioritizes people and their privacy over profits, existing to make the internet a healthier, happier place for everyone.
