Compliance Analyst

Canada; Remote

Applications have closed

Grammarly

Grammarly makes AI writing convenient. Work smarter with personalized AI guidance and text generation on any app or website.

Grammarly offers a remote-first hybrid working model. Team members can work primarily remotely. Teams will meet in person every quarter in one of Grammarly’s hubs, currently in San Francisco, Vancouver, New York, and Kyiv. To ensure that teams are able to overlap in their working hours and to meet face-to-face when needed, all team members need to live within three time zones of their direct team.

Grammarly team members in this role must be based in Canada or the United States.

The opportunity 

Grammarly empowers people to thrive and connect, whenever and wherever they communicate. Every day, 30 million people and 30,000 teams around the world use our AI-powered writing assistant. All of this begins with our team collaborating in a values-driven and learning-oriented environment. 

To achieve our ambitious goals, we’re looking for a Compliance Analyst to join our Governance, Risk, and Compliance team. This role will work closely with a wide variety of global teams at Grammarly to further evolve our compliance program at a truly global scale to assure and increase trust in our security posture among our existing and future users.

The Compliance Analyst is a business enabler and is responsible for supporting and executing critical portions of the regulatory compliance roadmap. This person will ensure that the regulatory roadmap supports business, sales, and revenue objectives while maintaining an alliance with existing information security standards. 

This person will work closely with Information Security, Legal, Engineering, Product and other teams to ensure regulatory control requirements are translated into Grammarly-understandable language that is informed by the organization’s current security practices and standards. We are not a check-box security organization and as such the person in this role will have the opportunity to participate in control requirements and remediation initiatives that result in pragmatic solutions for Grammarly and its users.  

Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. Read more about our stack or hear from our team on our technical blog.

Your impact

As a Compliance Analyst, you will:

  • Own and further mature our information security controls framework in partnership with other functions.
  • Maintain our existing certification program that contains a wide range of global certifications, such as SOC 2 Reports, ISO 270XX certifications, and PCI DSS.
  • Join our efforts in pursuit of Grammarly’s federal authorization program.
  • Work closely as a business enabler with other functions (including Sales and Marketing) to help them assure trust among our users via close collaboration or pursuit of new certification opportunities.
  • Manage risks of our supply chain through third-party risk assessments and audits.
  • Establish and maintain user-friendly processes and procedures that fulfill audit and compliance requirements.
  • Build the implementation of compliance automation roadmaps to reduce burden on manual operations.
  • Conduct periodic information security risk assessments and business impact analyses.
  • Design and implement a company-wide information security awareness program in partnership with the rest of the Security organization.

We’re looking for someone who

  • Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
  • Is able to collaborate in person 2–4 weeks per quarter, traveling if necessary to the hub where the team is based.
  • Knows how to build a bridge between regulatory frameworks and agile product organizations within a highly dynamic engineering culture.
  • Has a good knowledge of security frameworks and standards and has working proficiency in implementing common control frameworks (e.g., GDPR, CCPA, SSAE 16, FedRAMP/NIST 800-53, HIPAA, ISO 270XX, PCI DSS) in cloud-first organizations.
  • Builds and maintains healthy and productive relations with external assessors (e.g., auditors, customers, and federal agencies, such as FedRAMP PMO).
  • Enjoys managing complex projects or programs with multiple stakeholders and a well-established timeline toward a specific goal.
  • Enjoys being a mentor while having a natural curiosity to learn from others as well.
  • Becomes a partner to engineering and non-engineering teams through understanding their needs and challenges when implementing new or modifying existing security controls.

Nice to have

  • BA or BS in a technical or security field or equivalent experience
  • Experience managing multi-cloud compliance or a FedRAMP authorization program
  • Background in systems, software, or IT administration and past responsibility over the implementation of technical security controls
  • Any of the following certifications: CISA, CISSP, CISM, CCSP, or ISO-related certifications
  • Knowledge of business continuity or contingency planning

Support for you, professionally and personally

  • Professional growth: We hire people we trust, and we give team members autonomy to do their best work. We also support professional development with training, coaching, and regular feedback.
  • A connected team: Grammarly builds a product that helps people connect, and we apply this mindset to our own team. We have a highly collaborative culture supported by our EAGER values. We also take time to celebrate our colleagues and accomplishments with global, local, and team-specific events and programs.
  • Comprehensive benefits: Grammarly offers all team members competitive pay along with a benefits package encompassing superior health care (including mental health benefits). We also offer support to set up a home office, ample and defined time off, gym and recreation stipends, admission discounts, and more.

We encourage you to apply

At Grammarly, we value our differences, and we encourage all—especially those whose identities are traditionally underrepresented in tech organizations—to apply. We do not discriminate on the basis of ancestry, race, place of origin, political belief, religion, marital status, family status, physical or mental disability, sex, sexual orientation, gender identity or expression, age, or any other characteristic protected by law. Grammarly is an equal opportunity employer and abides by the Employment Equity Act.

Grammarly currently supports the long-term work of team members in the following Canadian provinces: British Columbia, Ontario.

Grammarly currently supports the long-term work of team members in the following US states: Arizona, California, Colorado, Florida, Georgia, Illinois, Maine, Massachusetts, Minnesota, Nevada, New Jersey, New York, North Carolina, Oregon, Pennsylvania (Kennett Township, New London Township, Pittsburgh City, Shaler Township), South Carolina, Texas, Utah, Virginia, and Washington, as well as the District of Columbia.

Please note that Grammarly’s COVID-19 vaccination policy requires that all team members in North America be vaccinated against COVID-19 to meet in person for Grammarly business or to work from a North America hub location. It is expected that this will be a requirement for this role. Qualified candidates in North America who cannot be vaccinated for medical reasons or because of a sincerely held religious belief may request a reasonable accommodation to this policy. For Ukraine, this policy requires team members to be vaccinated or produce a daily negative COVID-19 test administered at the Kyiv hub to work from the hub or attend in-person meetings.

Tags: Agile Audits Automation CCPA CCSP CISA CISM CISSP Cloud Compliance FedRAMP GDPR Governance HIPAA NIST PCI DSS SOC 2

Perks/benefits: Career development Competitive pay Equity Health care Home office stipend Team events

Regions: Remote/Anywhere North America
Country: Canada