Mission
We’re seeking a GRC Analyst to join our team and drive compliance by proactively gathering evidence, monitoring systems, and ensuring adherence to company-wide controls. In this role, you will also be responsible for conducting vendor assessments to ensure that third-party vendors comply with our regulatory and security controls. Success in this role depends on your ability to take ownership, work independently, and act as a driving force in maintaining our governance, risk management, and compliance frameworks. Experience with AI regulations, GDPR, CCPA, and other data privacy regulations is highly valued, as we operate in a rapidly evolving regulatory landscape.
In this role, you’ll leverage tools like Drata to streamline compliance processes, collaborate with cross-functional teams, and contribute to a secure and accountable organizational culture.
As a GRC Analyst, you will:
Use Drata to manage compliance activities, including evidence collection, process monitoring, and control validation.
Conduct vendor assessments to evaluate third-party vendors’ adherence to compliance standards and regulatory requirements.
Ensure compliance with frameworks such as ISO 27001, SOC 2, GDPR, CCPA, and emerging AI regulations.
Collaborate with process owners and teams to align systems and workflows with regulatory requirements and company policies.
Monitor cloud environments, primarily AWS, for compliance with organizational controls and standards.
Support internal and external audits by preparing documentation, gathering evidence, and engaging with auditors.
Provide guidance on data privacy and compliance best practices to business and technical teams.
Develop and maintain dashboards, reports, and documentation to provide visibility into compliance activities.
Design and refine processes to integrate compliance into day-to-day operations.
Your Profile
3+ years of experience in GRC, compliance, or audit roles, with a focus on proactive evidence collection, process monitoring, and vendor assessments.
Familiarity with governance frameworks like ISO 27001, SOC 2, and data privacy regulations such as GDPR and CCPA.
Proficiency with Drata or similar GRC tools to manage compliance programs and evidence collection.
Experience with cloud environments, especially AWS, and understanding of compliance-related configurations.
Strong organizational and self-management skills, with a proactive, self-driven approach to problem-solving.
Excellent interpersonal and communication skills for collaboration across technical and non-technical teams.
Technical IT security knowledge is a plus, providing insights into control design and risk assessment.
Nice to Have
Advanced Excel or Power BI proficiency for data analysis and reporting.
Certifications like CIPP/E, CISA, CRISC, or ISO 27001 Lead Auditor/Implementer.
Experience with emerging AI regulations and industry standards for responsible AI governance.
Demonstrated ability to stay ahead of regulatory changes and adapt processes accordingly.
Who are we?
We are Aily Labs, a fast-growing AI startup delivering cutting-edge AI products. Since 2020, we’ve grown to over 300 professionals across Munich, Barcelona, Madrid, Cluj, and New York. Our diverse team fosters innovation, excellence, and compliance to build products that meet the highest security and privacy standards.