Sr. GRC Analyst at Fivetran

<div class="content-intro"><p>From Fivetran’s founding until now, our mission has remained the same: to make access to data as simple and reliable as electricity. With Fivetran, customer data arrives in their warehouses, canonical and ready to query, with no engineering or maintenance required. We’re proud that more organizations continue to leverage our technology every day to become truly data-driven.</p></div><p><span style="color: rgb(0, 0, 0); font-size: 10pt;"><strong>About the Role</strong></span></p> <p><span style="color: rgb(0, 0, 0); font-size: 10pt;">At Fivetran, we're on a mission to make access to data as simple and reliable as electricity. Our fully automated platform moves data from 700+ sources to any destination reliably and securely — powering the analytics, AI, and decision-making that drives modern businesses forward.</span></p> <p><span style="color: rgb(0, 0, 0); font-size: 10pt;">This role will be part of the GRC team. The Fivetran GRC team is responsible for ensuring the continuous integrity, confidentiality, and availability of customer data. Our customers trust us with their most sensitive information, and maintaining that trust is a critical, core component of both our product and our business.</span></p> <p><span style="color: rgb(0, 0, 0); font-size: 10pt;">We are seeking a motivated and detail-oriented Senior GRC Analyst to join our Security team. This role is ideal for a control-focused audit professional with a solid understanding of IT systems and infrastructure. Strong communication skills are essential, as is the ability to collaborate and influence across functions and levels of the organization. The position reports to the Director of GRC and will provide broad cross-functional exposure, working closely with teams across Security, Engineering, Operations, IT, and HR.</span></p> <p><span style="color: rgb(0, 0, 0); font-size: 10pt;">This is a full-time position based in our Bangalore office. We offer a hybrid work model that blends remote flexibility with in-person collaboration, with two days per week in office.</span></p> <p><span style="font-size: 10pt;"><strong><span style="color: #000000;">Technologies You’ll Use</span></strong></span></p> <ul> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">GRC platform for organizing, tracking, and managing controls, testing activities, and audit evidence</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Cloud platforms, including AWS, Azure, and GCP, for understanding and evaluating cloud-hosted environments and associated controls</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Jira for ticket management, workflow tracking, and cross-functional collaboration</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">GitHub for version control and collaboration on security documentation and policy management</span></li> <li><span style="color: #000000;"><span style="font-size: 10pt;">Google Workspace for day-to-day productivity, documentation, and internal communication</span></span></li> </ul> <p><span style="font-size: 10pt;"><strong><span style="color: #000000;">What You’ll Do</span></strong></span></p> <ul> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Conduct control walkthroughs, testing, and evaluation of IT general controls and application controls across a complex systems landscape, with coverage spanning ISO 27001, PCI-DSS, SOC 1, SOC 2, and other applicable frameworks</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Partner with cross-functional teams to design, implement, and continuously improve control processes and related documentation</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Support third-party vendor assessments, evaluating vendors against established security and privacy standards and requirements</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Develop, maintain, and update Information Security Policies and Standards in alignment with industry best practices and regulatory obligations</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Participate in IT SOX scoping, risk assessment, and control design activities, contributing to the organization's overall internal control environment</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Prepare and deliver clear, accurate internal status reports to communicate control findings, remediation progress, and program updates to relevant stakeholders</span></li> </ul> <p><span style="font-size: 10pt;"><strong><span style="color: #000000;">Skills We’re Looking For</span></strong></span></p> <ul> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Demonstrated experience in security audit, IT audit, and risk management, with a strong understanding of control frameworks and audit methodologies.&nbsp;</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Working knowledge of industry compliance frameworks, including NIST, ISO 27001, SOC 1, SOC 2, and PCI-DSS</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Familiarity with cloud technologies and environments, including one or more of GCP, AWS, and Azure, with an understanding of cloud-specific security and control considerations</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Strong analytical and technical problem-solving skills, with the ability to assess complex control environments and draw well-supported conclusions</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Proven ability to work collaboratively across functions, taking initiative and contributing constructively to shared team objectives</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Effective at managing multiple concurrent workstreams, with strong organizational skills and the ability to prioritize in a fast-paced environment</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Excellent written, verbal, and interpersonal communication skills, with the ability to present complex information clearly to both technical and non-technical audiences</span></li> </ul> <p><span style="font-size: 10pt;"><strong><span style="color: #000000;">Bonus Skills​</span></strong></span></p> <ul> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Familiarity with FedRAMP compliance requirements and the associated authorization process and control framework</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Professional certifications in audit or information security, such as CISA, CISSP, AWS, or SANS GIAC designations, are strongly preferred</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Prior experience working at or directly with a Big 4 public accounting firm, with exposure to large-scale audit and advisory engagements</span></li> <li style="font-size: 10pt;"><span style="color: rgb(0, 0, 0); font-size: 10pt;">Experience leveraging AI tools to build workflow automations and drive operational efficiencies within a GRC or security context</span></li> </ul> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">#LI-HYBRID</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><span data-sheets-root="1" data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;#LI-AV1&quot;}" data-sheets-userformat="{&quot;2&quot;:15297,&quot;3&quot;:{&quot;1&quot;:0},&quot;9&quot;:0,&quot;10&quot;:2,&quot;11&quot;:0,&quot;12&quot;:0,&quot;14&quot;:{&quot;1&quot;:2,&quot;2&quot;:0},&quot;15&quot;:&quot;Calibri, sans-serif&quot;,&quot;16&quot;:12}">#LI-VM1</span></span></p><div class="content-conclusion"><p>&nbsp;</p> <p class="p-rich_text_section" style="line-height: 1.3;"><strong data-stringify-type="bold">Perks and Benefits</strong></p> <ul> <li>100% employer-paid medical insurance<strong>*</strong></li> <li>Generous paid time-off policy (PTO), plus paid sick time, inclusive parental leave policy, holidays, and volunteer days off</li> <li>RSU stock grants*</li> <li>Professional development and training opportunities</li> <li>Company virtual happy hours, free food, and fun team-building activities</li> <li>Monthly cell phone stipend</li> <li>Access to an innovative mental health support platform that offers personalized care and resources in areas such as: therapy, coaching, and self-guided mindfulness exercises for all covered employees and their covered dependents.</li> </ul> <p style="line-height: 1.3;"><em><strong>*</strong>May vary by country and worker type - please reach out to your recruiter for more information</em></p> <p style="line-height: 1.3;"><em>Click <a href="https://drive.google.com/drive/folders/1CdawUwjo1Q1B7ghZJ_owdmmHB8VtqhBu?usp=sharing" target="_blank">here</a> to learn more about Fivetran's Benefits by Region.</em></p> <hr> <p style="line-height: 1.3;">We’re honored to be <a class="c-link" href="https://fivetran.com/blog/hvr-acquisition-series-d" target="_blank" data-stringify-link="https://fivetran.com/blog/hvr-acquisition-series-d" data-sk="tooltip_parent">valued at over $5.6 billion</a>, but more importantly, we’re proud of our&nbsp;<a class="c-link" href="https://fivetran.com/culture" target="_blank" data-stringify-link="https://fivetran.com/culture" data-sk="tooltip_parent">core values of Get Stuck In, Do the Right Thing, and One Team, One Dream</a>. Read about us in&nbsp;<a class="c-link" href="https://fivetran-com.s3.amazonaws.com/news/forbes-aug-sept-2022-digital-reprint-10-21-22.pdf" target="_blank" data-stringify-link="https://fivetran-com.s3.amazonaws.com/news/forbes-aug-sept-2022-digital-reprint-10-21-22.pdf" data-sk="tooltip_parent">Forbes</a>.&nbsp; &nbsp; &nbsp;</p> <p style="line-height: 1.3;">Fivetran brings together high-quality talent across the globe to make data access as easy and reliable as electricity for our customers. We value and recognize that our customers benefit from having innovative teams made of people from many backgrounds, experiences, and identities. Fivetran promotes diversity, equity, inclusion &amp; belonging through attracting, recruiting, developing, and retaining a diverse workforce, not only because it is the right thing to do, but because it helps us build a world-class company to better serve our customers, our people and our communities.</p> <p style="line-height: 1.3;">To learn more about Fivetran’s culture and what it’s like to be part of the team, <a href="https://www.youtube.com/watch?v=xlhtp4dGh8o" target="_blank">click here</a> and enjoy our video.</p> <p style="line-height: 1.3;">To learn more about our candidate privacy policy, you can <a href="https://fivetran.com/candidate-privacy" target="_blank">read our statement here</a>.</p> <hr> <p style="line-height: 1.3;"><em>We are committed to ensuring that all candidates have an equal opportunity to participate in our interview process. If you require accommodations at any stage of the process due to a disability, medical condition, or any other circumstance, please don't hesitate to submit your request by filling out this <a href="https://forms.gle/V7k3t4u9j523XkEt6">form</a>. We will work with you to provide reasonable accommodations to facilitate your participation and ensure a fair and accessible interview experience. Your request and any information provided will be kept confidential and will not impact your candidacy. We look forward to hearing from you and accommodating your needs to the best of our ability.</em></p></div>