Governance, Risk, and Compliance (GRC) Analyst

What we’re building and why we’re building it. 

Every month, millions of people use America’s Rewards App, earning rewards for buying brands they love – and a whole lot more. Whether shopping in the grocery aisle, grabbing a bite at the drive-through or playing a favorite mobile game, Fetch empowers consumers to live rewarded throughout their day. To date, we’ve delivered more than $1 billion in rewards and earned more than 5 million five-star reviews from happy users. 

It’s not just our users who believe in Fetch: with investments from SoftBank, Univision, and Hamilton Lane, and partnerships ranging from challenger brands to Fortune 500 companies, Fetch is reshaping how brands and consumers connect in the marketplace. When you work at Fetch, you play a vital role in a platform that drives brand loyalty and creates lifelong consumers with the power of Fetch points. User and partner success are at the heart of everything we do, and we extend that same commitment to our employees.

Ranked as one of America’s Best Startup Employers by Forbes for two years in a row, Fetch fosters a people-first culture rooted in trust, accountability, and innovation. We encourage our employees to challenge ideas, think bigger, and always bring the fun to Fetch.

Fetch is an equal employment opportunity employer.

Position Overview:

The Governance, Risk, and Compliance (GRC) Analyst is responsible for managing and overseeing the company’s Information Security Governance framework and Risk Management program. The role ensures that the organization complies with regulatory requirements, industry standards, and internal policies while mitigating risks that could negatively impact the business. The GRC Analyst will play a key role in leading the organization’s SOC2 certification efforts and leveraging tools like Vanta to streamline compliance and risk management.

Key Responsibilities:

Governance & Compliance:

• Develop and maintain security policies, standards, and procedures that align with industry best practices and regulatory requirements.
• Manage and oversee the SOC2 compliance program, ensuring all controls are implemented, maintained, and audited successfully.
• Assist in compliance assessments (SOC2, ISO 27001, CCPA, etc.) and support internal and external audits.
• Collaborate with cross-functional teams to address any gaps identified during audits or assessments and develop remediation plans.
• Ensure alignment of security controls with business and regulatory requirements, recommending updates to policies as needed.

Risk Management:

• Perform risk assessments, identifying information security risks, evaluating their impact, and recommending risk mitigation strategies.
• Maintain and update the organization’s risk register and assist in developing risk treatment plans.
• Conduct vendor risk assessments, reviewing third-party security controls and ensuring compliance with contractual agreements and regulations.
• Develop and maintain key risk indicators to track and report on security risks across the organization.

GRC PlatformImplementation & Management:

• Leverage a GRC platform to monitor and manage compliance activities, automate evidence collection, and track the company’s progress toward SOC2 certification.
• Ensure that the GRC platform is properly configured to meet the company’s compliance objectives and maintain system integrity.
• Work closely with internal teams to integrate the GRC platform with various systems and processes, ensuring a smooth, automated compliance workflow.
• Provide training and guidance to employees on the use of Vanta and on compliance-related responsibilities.

Audit Support & Reporting:

• Support both internal and external audit processes, ensuring that appropriate documentation and evidence are provided on time.
• Work with stakeholders to ensure audit findings are tracked and remediated efficiently.
• Prepare and present reports to senior management, outlining risk assessments, compliance statuses, and remediation efforts.

Continuous Improvement:

• Stay current with industry best practices, regulatory changes, and emerging threats to continuously improve the organization’s GRC posture.
• Propose and implement improvements to the organization’s security program, ensuring alignment with the latest security frameworks and compliance requirements.
• Engage in continuous education and certification opportunities relevant to the role (e.g., CISM, CRISC).

Preferred Qualifications:

Education & Certifications:

• Bachelor’s Degree in Information Security, Cybersecurity, Information Technology, or a related field.
• GRC-related certifications such as CRISC or CISM are preferred.
• Knowledge of SOC2 certification requirements and auditing processes is preferred.
• Knowledge of industry standards such as SOC2, ISO 27001, NIST, PCI DSS, GDPR, and CCPA.

Experience:

• 3+ years of experience in Governance, Risk, and Compliance roles, focusing on security compliance and risk management.
• Hands-on experience with compliance platforms like Vanta preferred.
• Experience managing SOC2 certification efforts, including preparation, audit facilitation, and remediation.
• Strong understanding of risk management frameworks and best practices.
• Proven ability to perform and lead risk assessments and vendor risk evaluations.
• Experience working with people management and IT ensuring employee onboarding and offboarding steps are performed securely and timely to meet compliance requirements.  

Skills:

• Strong project management and organizational skills.
• Excellent written and verbal communication skills, with the ability to translate technical requirements into business-friendly language.
• Attention to detail and strong analytical skills.
• Ability to work collaboratively across departments, particularly with IT, Legal, and Business Operations teams.
• Experience with cloud computing environments preferred AWS.
• Strong understanding of identity providers, preferred Okta.
• Familiarity with Mac and Windows management and security issues.

At Fetch, we'll give you the tools to feel healthy, happy and secure through:

• Equity for everyone
• 401k Match: Dollar-for-dollar match up to 4%.
• Benefits for humans and pets: We offer comprehensive medical, dental and vision plans for everyone including your pets.
• Continuing Education: Fetch provides ten Thousand per year in education reimbursement.
• Employee Resource Groups: Take part in employee-led groups that are centered around fostering a diverse and inclusive workplace through events, dialogue and advocacy. The ERGs participate in our Inclusion Council with members of executive leadership.
• Paid Time Off: On top of our flexible PTO, Fetch observes 9 paid holidays, including Juneteenth and Indigenous People’s Day, as well as our year-end week-long break.
• Robust Leave Policies: 20 weeks of paid parental leave for primary caregivers, 14 weeks for secondary caregivers, and a flexible return to work schedule. $2000 baby bonus.
• Hybrid Work Environment: Collaborate with your team in one of our stunning offices in Madison, Birmingham, or Chicago. We’ll ensure you are equally equipped with the hardware and software you need to get your job done in the comfort of your home.