GRC Analyst

About OpenSesame

OpenSesame’s mission is to help develop the world’s most productive and admired workforces. We offer a comprehensive catalog of more than 40,000 eLearning courses from top publishers, but what we truly provide is the opportunity for companies to enhance and upgrade the skills of their employees.

As we continue to grow, we are diversifying revenue streams, expanding our product offerings, and strengthening our partner network. Our customer base has high satisfaction ratings, and there is significant opportunity to further improve retention and overall impact.

Learn more: www.opensesame.com/about

About the Team

At OpenSesame, the Compliance Team plays a critical role in ensuring adherence to industry standards, regulatory requirements, and internal security policies. We are a collaborative and detail-oriented team dedicated to maintaining compliance with ISO 27001, SOC 2, and other frameworks while supporting internal and external audits. As our company scales, this role offers a unique opportunity to develop expertise in compliance and information security.

About the Role

We are seeking a detail-oriented and proactive GRC Analyst to support our compliance and security initiatives. In this role, you will help manage policy documentation, evidence collection, audit preparation, vendor risk assessments, and customer security inquiries. This is an excellent opportunity to grow with a dynamic team if you thrive in an environment that values security, compliance, and process improvement.

Performance Objectives

Within 30 Days:

• Become familiar with OpenSesame’s compliance frameworks, including ISO 27001, SOC 2, and GDPR.
• Assist in evidence collection and documentation for ongoing audits using our GRC tool Drata.
• Review existing security policies and identify areas for clarification or updates.

Within 60 Days:

• Collaborate with cross-functional teams to track and follow up on compliance-related tasks.
• Support the completion of security questionnaires for customers.
• Assist in vendor risk assessments and documentation management.
• Take ownership of monitoring and responding to customer requests in our Trust Center.

Within 90 Days:

• Independently manage certain compliance tasks, including policy updates and audit preparations.
• Identify and propose improvements to compliance processes and documentation workflows.
• Contribute to internal compliance training and awareness initiatives.

Location: This position can be based anywhere in the US. We operate as a remote-first company and invest in all-company in-person meetings several times yearly. 

Performance Driven: We're looking for self-starters with a track record of delivering excellent results, but we're highly selective about who we hire. We don't focus on typical job requirements, instead, we're interested in specific examples from your past experiences. All positions can be based anywhere in the US, and require up to 15 days of travel per year, with senior management and leadership teams requiring up to 35 days.

Compensation: The pay range for this position is generally between $50,000-$90,000 per year and depends on experience. At OpenSesame, we offer a comprehensive benefits package to employees upon hire, including professional development, ISOs, health insurance, 401(k) matching, and paid time off. We carefully consider a wide range of compensation factors, relying on market data to determine compensation and consider your specific job family, background, skills, and experience. We prioritize pay transparency, fairness, and equity to create a positive and inclusive work environment, regularly reviewing our compensation practices to align with our values and goals.

Equal Employment Opportunity: OpenSesame is an Equal Employment Opportunity and Affirmative Action employer that values and welcomes diversity. We do not discriminate on the basis of various legally protected characteristics, including criminal history, and strive to provide reasonable accommodations to qualified individuals with disabilities. We prioritize safety and security and may use your information accordingly, and you can contact us for assistance or accommodations during the job application process. For more information on our Diversity, Equity, and Inclusion initiatives, click here.

Compensation: At OpenSesame, we offer a comprehensive benefits package to employees upon hire, including ISOs, health insurance, 401(k) matching, and paid time off. We carefully consider a wide range of compensation factors, relying on market data to determine compensation and consider your specific job family, background, skills, and experience. 

Pay Transparency: At OpenSesame, we prioritize pay transparency, fairness, and equity to create a positive and inclusive work environment, regularly reviewing our compensation practices to align with our values and goals. We provide competitive and fair compensation to our employees based on their skills, experience, and performance.

CPRA (California Candidates): When you submit your application, OpenSesame may collect and use your personal information in accordance with our privacy policy and the CPRA. This may include personal details and employment history, and will only be used for employment-related purposes. We may share this information with third-party service providers, but we will not sell it to third parties. If you have any questions or concerns, please contact us, and for more information on your rights under the CPRA, refer to our privacy policy or the California Attorney General's website.