Senior Staff Analyst, GRC

Remote UK
$2K - $3K Annual
Posted 2 months ago
Expires June 17, 2026

The Senior Staff Analyst, GRC at Mozilla is a pivotal role within the Security Function of the Mozilla Infrastructure team. This position is responsible for defining, developing, and implementing a comprehensive Governance, Risk, and Compliance (GRC) framework across both enterprise and product verticals. The role aligns with Mozilla's mission to build a safe and secure internet, ensuring that security, privacy, regulatory, and risk management initiatives are integrated throughout the organization.

Key responsibilities include developing and maintaining a GRC strategy and roadmap aligned with business objectives, leading the creation and enforcement of standards, policies, controls, audits, and reporting across various enterprise and product verticals. The role also involves developing and operationalizing a risk assessment and management framework to prioritize and remediate critical issues, ensuring compliance with regulatory standards such as ISO, NIST, SOC2, CCPA, and GDPR, and leading internal and external audit activities, including tracking and resolving deficiencies and remediations. Additionally, the analyst will partner closely with Legal, IT, Finance, and Security teams to align on the GRC program and deliver a cohesive integrated risk management framework.

The ideal candidate will have over 10 years of progressive experience in developing and delivering an integrated GRC framework, with a strong understanding of regulatory frameworks, processes, and tools related to building a robust GRC framework. Experience in leading cross-functional requirements for product and enterprise teams to implement controls and measures to meet compliance requirements is essential. Relevant industry certifications such as CISA, CISSP, CISM, or CRISC are required. Hands-on experience with security tools and technology, including SIEM and BI tools, is also necessary. The candidate should possess strong critical thinking skills, the ability to develop Root Cause Analysis and remediation plans, and a background that demonstrates a bias for action and the ability to navigate constraints to achieve business outcomes.

Mozilla offers a generous performance-based bonus plan to all eligible employees, rich medical, dental, and vision coverage, and generous retirement contributions with 100% immediate vesting. Additional benefits include quarterly all-company wellness days, country-specific holidays plus a day off for your birthday, a one-time home office stipend, an annual professional development budget, a quarterly well-being stipend, considerable paid parental leave, and an employee referral bonus program. Other benefits such as life/AD&D, disability, and EAP vary by country.

Working at Mozilla provides an opportunity to make a difference in the lives of web users everywhere. The company prioritizes people and their privacy over profits, aiming to make the internet a healthier, happier place for everyone. Employees are encouraged to bring their drive, creativity, big ideas, and new perspectives to make a meaningful impact. Mozilla's unique corporate structure ensures that every decision upholds its mission to keep the internet open and accessible, offering a culture of exploration and a commitment to mentorship, with abundant opportunities to learn and grow.
