Skip to content

Staff GRC Analyst

  1. Careers /
  2. Security & IT
  • Security & IT
  • United States
  • Full Time

About Vercel:

Vercel gives developers the tools and cloud infrastructure to build, scale, and secure a faster, more personalized web. As the team behind v0, Next.js, and AI SDK, Vercel helps customers like Ramp, Supreme, PayPal, and Under Armour build for the AI-native web.

Our mission is to enable the world to ship the best products. That starts with creating a place where everyone can do their best work. Whether you're building on our platform, supporting our customers, or shaping our story: You can just ship things.

About the role:

We are looking for a Staff GRC Analyst to join our Governance, Risk, and Compliance (GRC) team. You will have the opportunity to enhance our global compliance posture and further our commitment to managing enterprise risk. Your role will be instrumental in ensuring that our company operates in accordance with security requirements and embodies an environment where it’s everyone’s responsibility. This role will help shape the next iteration of the GRC program and further embed compliance requirements into the business.

Think you may not have all the skills and are hesitant to apply? There is no “perfect” candidate and encourage you to apply if you think that you can bring value to our team and are passionate and committed to upholding the highest standards of compliance and ethics.

If you’re based within a pre-determined commuting distance of one of our offices (SF, NY, London, or Berlin), the role includes in-office anchor days on Monday, Tuesday, and Friday, even if the role is listed as remote. For location-specific details, please connect with our recruiting team.

Getting started:

  • We want you to feel like part of the team early on! Our team will help integrate you into the company with explanations on our product, policies, processes, team structure and roadmap.

  • We’re excited for you to learn, grow, and contribute right away! We trust that you’ll bring experience and knowledge that will uplift and up-level the team, but we don’t expect you to know everything on Day 1.

What you will do:

  • Own and scale commercial attestation program and audits (i.e., SOC 2, ISO 27001, PCI DSS, etc.) while maintaining alignment with business objectives and market demand.

  • Design and strengthen continuous monitoring processes to improve control effectiveness and mature control implementation from audit-ready to always-ready.

  • Drive evolution of security and compliance control frameworks that set the direction for proactive risk management.

  • Partner with cross-functional stakeholders, acting as a strategic connector ****to plan, implement, maintain & remediate control activities and supporting requirements (e.g. policies, standards, processes, system configurations, etc.)

  • Champion a culture of compliance accountability and business-enablement across the organization through autonomous program governance and reporting and building trusted relationships.

About you:

  • Experience managing and running audits, certification programs and enterprise control assessments, including scope planning, defining requirements, policy and standards development, and control testing

  • Deep knowledge of audit processes, evidence requirements, and remediation lifecycle management for security and compliance frameworks (i.e., SOC 2, ISO 27001, PCI DSS)

  • Proven experience owning large-scale GRC programs, collaborating with technical and non-technical teams and driving initiatives to completion

Bonus if you:

  • Familiarity with data governance, compliance or software development tools and systems (e.g., Drata, Linear, Github, etc.)

  • Experience supporting cloud, AI-native, and open source development environments and systems

  • Experience with FedRAMP or NIST frameworks, such as 800-53, AI RMF

  • Security certifications (e.g. CISA, CISSP)

Benefits:

  • Competitive compensation package, including equity.

  • Inclusive Healthcare Package.

  • Learn and Grow - we provide mentorship and send you to events that help you build your network and skills.

  • Flexible Time Off.

  • We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed.

The San Francisco, CA base pay range for this role is $180,000.00 - $270,000.00. Actual salary will be based on job-related skills, experience, and location. Compensation outside of San Francisco may be adjusted based on employee location. The total compensation package may include benefits, equity-based compensation, and eligibility for a company bonus or variable pay program depending on the role. Your recruiter can share more details during the hiring process. 

Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.

Apply Now.

Tell us why you’d be a good fit for the Staff GRC Analyst role.

Resume should be a PDF under 3.5MB.

Are you currently based in any of these countries? Please note these are the only countries where we are accepting applications

Will you require Visa Sponsorship now, or in the future?

Your authorization to work in the country where you live. Please choose the option that describes your work authorization.

Do you live in one of the following states? Alabama, Alaska, Delaware, Kansas, Maine, Mississippi, Montana, Nebraska, New Mexico, North Dakota, South Dakota, West Virginia, or Wyoming.

By submitting my application, I acknowledge that I have read and understand Vercel’s Job Applicant Privacy Notice

Please double-check all the information provided above. Ensuring accuracy is crucial, as any errors or omissions may impact the review of your application.

U.S. Standard Demographic Questions.

At Vercel, we value belonging and believe in fostering an environment where a diversity of perspectives can thrive. As part of this commitment, we invite you to voluntarily provide demographic information. Your responses will be used (in aggregate only) to help us better understand the diversity of our applicants and identify areas of improvement in our recruitment and hiring process. Your responses, or decision not to respond, will be kept confidential and will only be used in aggregate form for diversity and inclusion efforts. This information will not be associated with your specific application and will not be disclosed to the hiring team or used in the hiring decision in any way.

Individuals seeking employment are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, or sexual orientation. Asking the below questions help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

How would you describe your gender identity? (mark all that apply)

How would you describe your racial/ethnic background? (mark all that apply)

How would you describe your sexual orientation? (mark all that apply)

Do you identify as transgender?

Do you have a disability or chronic condition (physical, visual, auditory, cognitive, mental, emotional, or other) that substantially limits one or more of your major life activities, including mobility, communication (seeing, hearing, speaking), and learning?

Are you a veteran or active member of the United States Armed Forces?

Optionally, include links to your social media profiles.