Information Security - GRC Analyst (Governance, Risk & Compliance)


Applications have closed

About G2 - Our People 

G2 was founded to create a place where people will love to work. We strive to create meaning in work and provide more than just a job: a true calling. At the heart of our community and culture are our people. Our global G2 team comes from a wide range of backgrounds and experiences, and that’s what makes our G2 community strong and vibrant. We want everyone to bring their authentic selves to work, and we do this through our company and team events, our G2 Gives charitable initiatives, and our Employee Resource Groups (ERGs).

Our employee-led, leadership-supported ERGs celebrate the diversity of our team, foster inclusivity and belonging, and create a space to connect to each other. Through connections and understanding, we build a stronger and more dynamic global team and help every person reach their personal peak.

We support our employees by offering generous benefits, such as flexible work, ample parental leave, and unlimited PTO. Click here to learn more about our benefits. 


About G2 - The Company

When you join G2, you join the global team behind the largest and most trusted software marketplace. Every month, 5.5 million people come to G2 to inform smarter software decisions based on honest peer reviews. Authenticity is our focus, and every day we help thousands of companies, and hundreds of employees, propel their potential. Ready for meaningful work that starts and ends with compassion and heart? You’ve come to the right place.

G2 is going through exciting growth! We’ve recently secured our Series D funding of $157 million, which will further allow us to grow and develop our product and people. Read about it here!

About The Role

G2 is looking for a bright, organized, and dependable person who is passionate about governance, risk, and compliance. The GRC Analyst will be instrumental in driving our compliance and risk efforts, ensuring G2’s alignment with programs such as ISO27001, SOC2, CSA and other relevant frameworks. They will collaborate closely with various internal teams to provide insights, guidance, and oversight related to GRC best practices. The ideal candidate is excited about joining a fast-paced, industry-leading company. We are looking for a self-motivated professional who will help build out G2’s information security initiatives!

This is a hybrid position, with the team meeting in person one to two days a week at our Chicago HQ.

In This Role, You Will: 

  • Evaluate, benchmark, and align our SaaS operations with SOC2, ISO27001, CSA, and other relevant compliance frameworks.
  • Perform IT risk assessments, identify vulnerabilities, and work closely with technical teams to ensure that risks are mitigated appropriately.
  • Coordinate internal and external audits, serve as the main point of contact for auditors, provide required documentation, and ensure timely closure of audit findings.
  • Develop, maintain, and update comprehensive information security policies, procedures, and controls in line with recognized standards and best practices.
  • Collaborate with different departments and provide guidance on compliance requirements and best practices.
  • Stay updated with the latest compliance requirements, technological advancements, and industry best practices to ensure continuous improvement of G2’s information security posture.
  • Training & Awareness: Coordinate and contribute to information security awareness and training programs to foster a culture of security within the organization.

Minimum Qualifications:

We realize applying for jobs can feel daunting at times. Even if you don’t check all the boxes in the job description, we encourage you to apply anyway. 

  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related work experience.
  • 1-3 years of proven experience in governance, risk, and compliance roles, preferably within a SaaS environment.
  • Information security certifications such as CISSP, CISM, or CISA are preferred.
  • Familiarity with SOC2, ISO27001, NIST, CSA, and other relevant compliance frameworks.
  • Understanding of IT and security concepts, best practices, and market trends.
  • Excellent communication skills, both written and verbal, with the ability to convey complex security issues to non-technical stakeholders.
  • Strong organizational and project management skills with a keen attention to detail.

What Can Help Your Application Stand Out:

  • Other certifications such as Security+, GSEC, PMP, etc. are a plus.
  • Prior experience with GRC tools like Drata, Whistic, Auditboard, or Vanta for managing audit controls, evidence gathering, and reporting.
  • Familiarity with privacy regulations like GDPR, CCPA, and LGPD.
  • Experience in other technical or non-technical areas (business administration, legal, product management, project management, software development, etc.)

Our Commitment to Inclusivity and Diversity

At G2, we are committed to creating an inclusive and diverse environment where people of every background can thrive and feel welcome. We consider applicants without regard to race, color, creed, religion, national origin, genetic information, gender identity or expression, sexual orientation, pregnancy, age, or marital, veteran, or physical or mental disability status. Learn more about our commitments here


For job applicants in California, the United Kingdom, and the European Union, please review this applicant privacy notice before applying to this job.


Tags: Audits CCPA CISA CISM CISSP Compliance Computer Science GDPR Governance GSEC ISO 27001 NIST Privacy Risk assessment SaaS SOC 2 Vulnerabilities

Perks/benefits: Career development Flex vacation Parental leave Team events Unlimited paid time off

Region: North America
Country: United States