Senior GRC Analyst (Hybrid)

Toronto, Ontario, Canada

Homebase

100,000+ small (but mighty) businesses use Homebase to manage their hourly teams, with employee scheduling, time clocks, payroll, HR and more.


Hi, Future Homie!

As a Homie, you'll be part of an unstoppable team that puts customers first, embraces each day with excitement, and strives for excellence in everything you do. We’re revolutionizing the way small businesses manage their teams and grow their business. What this means for you is a shared passion for innovation and making a difference for the people we serve. So what do you say, will you join us on our mission to empower small businesses?

Our Trust and Security team is a critical component of our organization, dedicated to safeguarding our systems, data, and customers. We have a broad scope of responsibilities encompassing application security, security operations, governance, risk, compliance (GRC), and corporate security. Collaborating closely with internal and external stakeholders, we are committed to delivering exceptional security and quality services and products. By upholding the highest standards, we ensure the protection of our customers' trust and confidence.

As a Lead GRC Analyst, you will be a key member of our Homebase Trust and Security team, contributing significantly to the development and execution of our Governance, Risk, and Compliance (GRC) program. Reporting directly to the Security Engineering Manager, you will play a key role in shaping the future of our GRC and privacy initiatives.

We are seeking a highly motivated individual with a strong foundation in compliance, risk, and privacy. Your ability to bridge the gap between technical and business domains will be essential in driving effective GRC strategies. You will collaborate closely with engineering, operations, risk, financial, and leadership teams to identify, assess, and mitigate risks, ensuring alignment with regulatory requirements. A deep understanding of common technologies and systems will be crucial for fostering productive partnerships with our engineering teams.

As a member of our Trust and Security team, you will be responsible for leading and executing a comprehensive GRC program. You will make an impact by:

  • Lead and conduct external audits (SOC 2, PCI DSS) to ensure compliance with security standards.
  • Collaborate with control owners to automate evidence collection.
  • Manage and implement internal controls to support business operations.
  • Perform risk assessments, gap analyses, and control reviews to identify deficiencies and improvements.
  • Address compliance inquiries and topics for customers.
  • Monitor regulatory changes in GRC and drive necessary adjustments.
  • Maintain and enhance security and compliance awareness programs.
  • Develop, review, and update policies, standards, and procedures to align with regulatory requirements and best practices.
  • Conduct risk assessments of third-party vendors, evaluate their security and compliance, and oversee remediation of identified vendor risks through collaboration.
  • Conduct regular security risk assessments and develop risk mitigation plans.
  • Maintain a risk register, tracking identified risks and mitigation strategies.
  • Collaborate with operations to build and monitor a privacy program.
  • Develop and produce security risk management reports for management.
  • Track and report key risk and performance indicators (KRIs, KPIs).
  • Manage and maintain the GRC tool, ensuring data accuracy.
  • Lead and ensure the timely completion of critical tasks by internal teams.
  • Manage internal and external trust resources.
  • Contribute to scaling GRC practices by participating in team roadmaps.
  • Collaborate effectively with departments such as IT, Legal, and HR to drive GRC initiatives.
  • Act as the primary point of contact between the organization and external regulators or auditors.
  • Build and maintain strong relationships with both internal teams and external stakeholders.

As a Homie, you are a bar raiser, which means you come with:

  • Knowledge of privacy regulations and experience in building and monitoring privacy programs.
  • Experience with data analysis and reporting on key risk and performance indicators (KRIs, KPIs).
  • Strong understanding of industry-specific regulations and compliance requirements like NIST CSF, NIST 800-53, and ISO 27001/27002.
  • In-depth knowledge and experience across the spectrum of security, privacy, risk, and compliance domains.
  • Proven experience in leading and conducting external audits (SOC 2, PCI DSS) and ensuring compliance with security standards.
  • Strong understanding of GRC frameworks, methodologies, and best practices.
  • Demonstrated ability to perform risk assessments, gap analyses, and control reviews.
  • Experience in developing, implementing, and managing internal controls to support business operations.
  • Proficiency in automating evidence collection and leveraging GRC tools for efficient management.
  • Excellent analytical and problem-solving skills to identify and address compliance issues.
  • Ability to effectively communicate complex technical information to both technical and non-technical stakeholders.
  • Strong leadership and project management skills to oversee team deliverables and ensure timely completion.
  • Strong sense of accountability with the ability to work independently with minimal direction and follow-up.
  • Experience in developing and maintaining vendor risk management programs.
  • Bachelor's degree in information technology, cyber security, computer science, or a related field.
  • Relevant certifications (e.g., CISA, CISSP, CRISC) are preferred.
  • Ability to collaborate in office weekly on Tuesdays and Wednesdays.

What We Offer

  • Stock Options - Everyone is an Owner!
  • Competitive group health benefits coverage for you and your eligible dependents
  • Group Investments, TFSA, as well as an RRSP plan which offers a 4% company match
  • Employer-supplemented Medical, Dental, and Vision Insurance Plans
  • Company-paid holidays and 20 days accrued PTO per year
  • Continued learning and development stipend
  • Paid parental leave after 1 year of service
  • Top-of-the-line equipment and stipend for workspace setup
  • Work-from-home days: Monday, Thursday, and Friday
  • Meals provided at our vibrant workspaces
  • Team offsites and monthly opportunities to engage with fellow Homies

What to Expect During the Interview Process:

  • Meet the Talent Acquisition team
  • Meet the Hiring Manager
  • Participate in a Technical Interview
  • Meet the Leadership team
  • Professional Reference Checks
  • Background Check + Offer Stage
  • Welcome to the team, Homie💜🎉

Diversity, Equity, and Inclusion at Homebase

At Homebase, we take pride in fostering a welcoming space where every Homie of every gender, age, orientation, culture and walk of life can be their full selves. Diverse perspectives empower us to build the best-in-class platform for small businesses and hourly shift workers. We recognize that experience comes in many forms, so if you think you’re close to what we’re looking for (even if you don’t meet 100% of the qualifications), we encourage you to apply!

About Us

Our mission is to make hourly work easier for local businesses and hourly workers. Homebase currently serves more than 100,000 small (but mighty) businesses with everything they need to manage their hourly teams: employee scheduling, time clocks, payroll, team communication, hiring, onboarding, and compliance. Just don’t call us “Human Capital Management.” We have built tools for the busiest businesses, so owners and employees can spend less time on bullsh*t and more time on what matters. The Homebase team brings small business expertise from Intuit, Square, OpenTable, Yelp, Gusto, and First Data. Homebase is backed by leading venture investors Bain Capital Ventures, Baseline Ventures, Cowboy Ventures, Khosla Ventures, Plus Capital, and GGV Capital.

At Homebase, we value our differences, and we encourage all to apply. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Homebase is proud to be an equal opportunity employer and participant in the U.S. Federal E-Verify program. Accommodations will be provided during the hiring process if needed. Please advise us of any accommodations needed within your application to ensure fair and equitable access throughout the recruitment and selection process.

Interview Recording Notice

By participating in interviews with Homebase, you consent to the use of Metaview, a recording and transcription tool, during the interview process. Please be aware that all interviews may be recorded and transcribed for the purpose of evaluating candidates and ensuring the quality of our recruitment process. If you do not consent to being recorded, please inform the Talent Team at the beginning of the call, and appropriate arrangements will be made to accommodate your preference. Your privacy is important to us, and the recorded interviews will only be used for internal evaluation and assessment of candidates.
