Sr. GRC Analyst

About the Role

At Fivetran, we're on a mission to make access to data as simple and reliable as electricity. Our fully automated platform moves data from 700+ sources to any destination reliably and securely — powering the analytics, AI, and decision-making that drives modern businesses forward.

This role will be part of the GRC team. The Fivetran GRC team is responsible for ensuring the continuous integrity, confidentiality, and availability of customer data. Our customers trust us with their most sensitive information, and maintaining that trust is a critical, core component of both our product and our business.

We are seeking a motivated and detail-oriented Senior GRC Analyst to join our Security team. This role is ideal for a control-focused audit professional with a solid understanding of IT systems and infrastructure. Strong communication skills are essential, as is the ability to collaborate and influence across functions and levels of the organization. The position reports to the Director of GRC and will provide broad cross-functional exposure, working closely with teams across Security, Engineering, Operations, IT, and HR.

This is a full-time position based in our Bangalore office. We offer a hybrid work model that blends remote flexibility with in-person collaboration, with two days per week in office.

Technologies You’ll Use

• GRC platform for organizing, tracking, and managing controls, testing activities, and audit evidence
• Cloud platforms, including AWS, Azure, and GCP, for understanding and evaluating cloud-hosted environments and associated controls
• Jira for ticket management, workflow tracking, and cross-functional collaboration
• GitHub for version control and collaboration on security documentation and policy management
• Google Workspace for day-to-day productivity, documentation, and internal communication

What You’ll Do

• Conduct control walkthroughs, testing, and evaluation of IT general controls and application controls across a complex systems landscape, with coverage spanning ISO 27001, PCI-DSS, SOC 1, SOC 2, and other applicable frameworks
• Partner with cross-functional teams to design, implement, and continuously improve control processes and related documentation
• Support third-party vendor assessments, evaluating vendors against established security and privacy standards and requirements
• Develop, maintain, and update Information Security Policies and Standards in alignment with industry best practices and regulatory obligations
• Participate in IT SOX scoping, risk assessment, and control design activities, contributing to the organization's overall internal control environment
• Prepare and deliver clear, accurate internal status reports to communicate control findings, remediation progress, and program updates to relevant stakeholders

Skills We’re Looking For

• Demonstrated experience in security audit, IT audit, and risk management, with a strong understanding of control frameworks and audit methodologies. 
• Working knowledge of industry compliance frameworks, including NIST, ISO 27001, SOC 1, SOC 2, and PCI-DSS
• Familiarity with cloud technologies and environments, including one or more of GCP, AWS, and Azure, with an understanding of cloud-specific security and control considerations
• Strong analytical and technical problem-solving skills, with the ability to assess complex control environments and draw well-supported conclusions
• Proven ability to work collaboratively across functions, taking initiative and contributing constructively to shared team objectives
• Effective at managing multiple concurrent workstreams, with strong organizational skills and the ability to prioritize in a fast-paced environment
• Excellent written, verbal, and interpersonal communication skills, with the ability to present complex information clearly to both technical and non-technical audiences

Bonus Skills​

• Familiarity with FedRAMP compliance requirements and the associated authorization process and control framework
• Professional certifications in audit or information security, such as CISA, CISSP, AWS, or SANS GIAC designations, are strongly preferred
• Prior experience working at or directly with a Big 4 public accounting firm, with exposure to large-scale audit and advisory engagements
• Experience leveraging AI tools to build workflow automations and drive operational efficiencies within a GRC or security context

#LI-HYBRID

#LI-VM1