Demandbase

Governance, Risk & Compliance Analyst

5-7 Years
  • Posted 6 hours ago

Job Description

Introduction to Demandbase:

Demandbase is the only pipeline AI platform that empowers GTM teams to automate growth at scale. With a unified view of data, insights, actions, and outcomes, B2B enterprises can seamlessly align and execute their account-based GTM strategies with confidence. Thousands of businesses trust Demandbase to maximize revenue, minimize waste, and consolidate their data and tech stacks all in one platform.

As a company, we're as committed to growing careers as we are to building world-class technology. We invest heavily in people, our culture, and the community around us. We have also continuously been recognized as One of The Best Places To Work in the San Francisco Bay Area by Fortune, and One of The 60 Best Companies To Sell For by Selling Power. Our offices are located in San Francisco, New York, Austin, Seattle, India, and the United Kingdom.

About the Role

As a Senior GRC Analyst, you will play a pivotal role in advancing Demandbase's global Governance, Risk, and Compliance (GRC) program. Reporting to the Senior Director of GRC, you will partner across teams to strengthen our compliance framework, manage audits, perform risk assessments, and drive continuous improvement in our security and privacy posture.

You will help ensure ongoing alignment with global standards such as ISO 27001, ISO 27701, ISO 42001, and SOC 2, while contributing to the maturity of our enterprise risk and compliance operations. This is an opportunity to make a significant impact on a growing, global security program and advance your expertise in governance, risk, compliance, and AI assurance.

Responsibilities

Governance, Risk & Compliance Execution

  • Perform walkthroughs, control testing, and evidence collection across IT systems, applications, and infrastructure to support internal and external security audits.
  • Conduct and assist in risk assessments, identifying and tracking remediation efforts to resolution.
  • Support audits and assessments by coordinating with internal stakeholders and external auditors, ensuring timely and complete corrective actions.
  • Maintain documentation and dashboards within GRC tools (e.g., MetricStream, Hyperproof, Vanta) to monitor compliance posture and progress.

Frameworks & Program Development

  • Contribute to maintaining and improving compliance programs in alignment with ISO 27001, ISO 27701, ISO 42001, SOC 2, and other relevant standards (NIST CSF, NIST 800-53, RMF).
  • Collaborate with technical and business teams to translate regulatory and control requirements into practical implementation steps.
  • Support operationalization of Business Continuity, Disaster Recovery, and Incident Response processes and exercises.
  • Contribute to the design and governance of emerging compliance domains, including AI Governance, Third-Party Risk Management, and Security Reviews.

Culture, Communication & Continuous Improvement

  • Promote security and privacy awareness across the organization through training, education, and engagement initiatives.
  • Review and refine customer- and public-facing communications related to privacy, compliance, and security.
  • Identify opportunities to improve the data lifecycle (inventory, governance, retention, and protection).
  • Partner with cross-functional teams to enhance operational resilience and embed compliance best practices into daily workflows.

Qualifications

  • 5+ years of experience in Information Security, GRC, ERM, compliance, audit, or internal controls, preferably in a cloud-based technology company.
  • Strong understanding of IT and cloud security controls, including Information Security, Business Continuity, Disaster Recovery, Vendor Management, and SDLC processes.
  • Familiarity with global frameworks and standards (ISO 27001, ISO 27701, ISO 42001, SOC 2, NIST CSF, NIST 800-53, RMF).
  • Proven ability to work across business and technical domains, translating complex control requirements into actionable solutions.
  • Excellent communication, organization, and stakeholder management skills.
  • Experience managing GRC platforms and compliance dashboards (e.g., MetricStream, Hyperproof, Vanta).
  • Strong project management background with experience coordinating complex, cross-functional initiatives.
  • Flexible and self-driven, able to thrive in a dynamic, fast-paced environment.
  • Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or a related field.

Job ID: 136400857