GRC Analyst

Obsidian Security was founded in 2017 to solve the unaddressed blindspot of SaaS Security. SaaS applications provide the tools employees need to succeed and hold the business’ most critical information. If those tools become unavailable or that data is jeopardized, there is a detrimental impact on the organization. 

Obsidian proudly offers the industry's most comprehensive and powerful SaaS defense solution. We are committed to solving the challenge of SaaS Security for our customers as efficiently and effectively as possible.

We’re a passionate team optimizing for impact by solving some of the biggest challenges in cybersecurity today. We listen closely to our customers, iterate quickly, and (over) deliver to delight them. Working at Obsidian means contributing to an industry-leading cybersecurity product in an environment where customer satisfaction, privacy, and data ethics are paramount.

Obsidian Security is looking for a GSC Analyst to join our IT team.  This Analyst will have a broad scope, including:

Governance & Policy Management

• Maintain and update the Master Controls Register with mappings to frameworks (e.g., SOC 2, ISO 27001, ISO 27701, ISO 42001, GDPR, NIST).
• Track control ownership, implementation status, and evidence requirements across the organization.
• Assist in drafting, updating, and version-controlling security and compliance policies, standards, and procedures.
• Ensure policy reviews and approvals occur on schedule; coordinate with document owners and stakeholders.

Risk Management

• Support ongoing risk assessments and periodic risk reviews across business units.
• Document risk findings, mitigation plans, owners, and timelines in the Risk Register.
• Conduct third-party risk assessments for vendors, platforms, and SaaS tools.
• Collaborate with internal teams to analyze new risks introduced by product changes or infrastructure updates.
• Track risk mitigation action items and follow-up on deadlines.

Compliance and Audit Support

• Coordinate readiness activities for internal and external audits (SOC 2, ISO, etc.).
• Prepare and organize audit artifacts and walkthrough documentation.
• Work with control owners to collect, review, and validate audit evidence.
• Track open audit findings and corrective action plans; assist with resolution follow-ups.
• Support ongoing compliance readiness posture through internal reviews and testing.

Third-Party Risk & Vendor Management

• Maintain the vendor inventory and classify vendors based on risk levels.
• Issue and track security questionnaires or due diligence assessments.
• Monitor vendor compliance with contractual and regulatory requirements.
• Coordinate vendor documentation reviews (e.g., SOC 2 reports, pen test results, certifications).

Controls Testing & Security Operations Support

• Assist in the design and implementation of new security controls aligned to frameworks.
• Conduct control effectiveness testing and control gap analysis.
• Partner with engineering, DevOps, and security teams to understand and verify technical control implementations (e.g., logging, access controls, encryption).
• Track remediation activities related to failed controls or known security issues.

Pay Transparancy

Please note that the base pay range is a guideline and for candidates who receive an offer, the base pay will vary based on factors such as work location, as well as the knowledge, skills and experience of the candidate. In addition to a competitive base salary, this position is eligible for equity awards and may be eligible for incentive compensation based on factors such as experience, skills, and location.

At Obsidian, we are proud to be an equal-opportunity employer. We value diversity and hire for talent, passion, and compassion. In compliance with federal law, all persons hired will be required to submit satisfactory proof of identity and legal authorization.  If you have a need that requires accommodation, please contact accommodations@obsidiansecurity.com

Information collected and processed as part of any job applications you choose to submit is subject to Obsidian’s Applicant Privacy Policy.

Base Salary Range$110,000—$175,000 USD

Employee Benefits:

Our competitive benefits packages are designed to support our employees' well-being, both at work and at home.

• Competitive compensation with equity and 401k
• Comprehensive healthcare with dental and vision coverage
• Flexible paid time off and paid holiday time off 
• 12 weeks of new parent or family leave
• Personal and professional development resources