Senior GRC Analyst

Get AI-powered advice on this job and more exclusive features.

What We're All About.
We find, when we come together in the pursuit of excellence, great things happen. And that's how we do things at Quantexa - together. Our business is data, but our culture is collective. We're about growth - but not just the bottom line. We create a culture where people feel empowered to do their best work. We might work across continents and time zones, but that doesn't stop us from collaborating. We're connected. We celebrate our successes together, and we unite to tackle the challenges. 41% of our colleagues come from an ethnic or religious minority background. We speak over 20 languages across our 47 nationalities, creating a sense of belonging for all.

At Q, we're looking for people who share that vision. People like you.

The opportunity

As a Senior GRC Analyst at Quantexa, you will bring excellent demonstrable experience in both US Government and non-government security and compliance, applying deep knowledge acquired prior to joining to immediately contribute to the maturity of our Governance, Risk, and Compliance (GRC) function. This role demands a proactive, detail-oriented, and solutions-driven approach, where your enthusiasm for strengthening organisational security posture will be evident in both strategic initiatives and day-to-day activities.

You will work closely and pro-actively with subject matter experts and stakeholders across the business to ensure the GRC function remains resilient, forward-looking, and aligned with Quantexa's internal objectives, client commitments, and complex regulatory requirements. Your immediate focus will be on compliance and security assurance related to managing the SOC 2 process with our nominated CPA and working on Quantexa's U.S. Government engagements, as well as wider commercial obligations.

A strong understanding of federal security frameworks is essential particularly the application of NIST SP 800-53 controls for federal information systems and NIST SP 800-171 for the protection of Controlled Unclassified Information (CUI). You will also work across and manage the SOC 2 engagement programme and internationally recognised ISO standards, including ISO/IEC 27001 and ISO/IEC 27017, demonstrating a high level of confidence in applying and mapping these controls in a dynamic FinTech environment.

Your role will involve actively shaping and guiding regulatory readiness efforts, accreditation processes, and evidence-based reporting, while maintaining a continuous focus on control effectiveness. You will be expected to identify emerging compliance risks, suggest improvements, and lead by example in implementing practical, business-aligned controls that go beyond tick-box compliance.

You will also be expected to apply a working understanding of Artificial Intelligence (AI) principles and how these intersect with governance, risk, and compliance within software development environments. This includes helping to define and uphold responsible and secure AI practices, in line with client expectations and regulatory developments.

As a key member of the Information Security team, you will act as a trusted advisor across the business, promoting a culture of accountability, transparency, and security-first thinking. Your ability to translate complex requirements into actionable controls will be instrumental in driving Quantexa's ongoing growth in regulated markets.

Ultimately, your demonstrable knowledge, commitment to high standards, and proactive engagement will help strengthen Quantexa's global compliance profile, support secure operations, and reinforce trust with clients, partners, and regulators alike.

Requirements

What you'll be doing

• Ensure Regulatory Compliance
• Align Quantexa's practices with global regulatory standards and accreditations, such NIST (SP 800-53, SP 800-171), CMMC 2.0, (AICPA) SOC 2 (All trust principles), and ISO/IEC 27001 (2022) with an emphasis on US Government requirements
• Demonstrate an understanding of Artificial Intelligence (AI) principles, particularly their application within software development
• Monitor Regulatory Changes
• Stay updated and report on evolving global regulations, refining frameworks and controls to maintain ongoing compliance across federal and commercial standards within information security
• Maintain Security Certifications
• Assist and oversee the maintenance of commercial security certifications, such as SOC 2 Type II and ISO/IEC 27001:2022, ensuring continuous alignment with best practices
• Coordinate with Assessors
• Collaborate with government, non-government auditors, clients, CPAs, and third-party assessors, to facilitate audits and ensure Quantexa meets all necessary requirements
• Develop and Maintain Policies & Standards
• Assist in the development and periodic review of policies, standards, and procedures to satisfy both federal and commercial security requirements
• Assess and assist in the development of cybersecurity plans and procedures to ensure compliance with FAR and DFARS
• Advise on Security for Government Proposals
• Review security documentation for government contract proposals, advising on technical solutions to meet federal and regulated sector security requirements, including data security and confidentiality
• Conduct Risk Assessments & Maintain Compliance Records
• Perform regular risk assessments to identify gaps in security controls and compliance, working with cross-functional teams to strengthen data protection and security practices
• Keep detailed records of compliance activities, risk assessments, and audit outcomes. Deliver reports to security leadership and track updates to policies for audit readiness
• Collaborate Across Teams
• Partner with IT, legal, and compliance teams to align on priorities, translating regulatory requirements into actionable insights and security controls. Act as a technical advisor on US Government regulations to various stakeholders
• Promote Knowledge Sharing
• Foster a culture of collaboration by sharing best practices, lessons learned, and key insights from audits, projects, and risk assessments across the organisation
• Ensure knowledge-sharing practices support organisational goals, regulatory needs, and industry best practices, particularly within compliance-driven environments like Quantexa's

What You'll Bring

• Educational Background
• A bachelor's degree in a relevant field (e.g., Information Security, Computer Science, or a related discipline) is essential to provide a strong foundation for understanding the technical and regulatory complexities of the role
• Governance, Risk, and Compliance Experience
• At least 10+ years of proven work experience in Governance, Risk, and Compliance (GRC), particularly in highly regulated industries such as financial, professional services, government or healthcare, with expertise in navigating complex regulatory requirements
• Proven experience in developing policies and processes to ensure compliance with FAR and DFARS including 52.204-21 and 252.204-7012
• Organisational Agility
• Proactively manages multiple priorities with a structured, self-directed approach. Consistently delivers high-quality outputs against critical deadlines, ensuring clarity, focus, and forward planning
• Communicates and presents with purpose and precision
• Across technical and non-technical teams. Builds alignment, accelerates decision-making, and ensures stakeholders remain informed and engaged
• Audit and Compliance Ownership
• Leads end-to-end audit and assurance activities with a strong grasp of detail and efficiency. Identifies opportunities to streamline and optimise processes while maintaining rigour and accountability
• Analytical Problem-Solving
• Rapidly interprets complex risk and compliance scenarios. Offers clear, pragmatic solutions that are aligned with strategic objectives and responsive to evolving business needs
• Continuous GRC Evolution
• Actively seeks opportunities to improve and modernise GRC practices, staying ahead of regulatory developments and embedding scalable, sustainable improvements
• Collaborative Leadership Style
• Brings energy, initiative, and a positive presence to team environments. Builds strong relationships, encourages open dialogue, and supports a culture of shared ownership and high performance

Benefits

Our perks and quirks.
What makes you Q will help you to realize your full potential, flourish and enjoy what you do, while being recognized and rewarded with our broad range of benefits.

• A Competitive salary range of 100-180k (subject to experience, level and location)
• Company bonus
• 401(k) match up to 5%
• Competitive PTO Allowance + Paid US Federal Holidays + Your Birthday Off!
• Medical, Dental, and Vision coverage
• Short-term and Long-term Disability, Life, and AD&D insurance
• Access to One Medical - primary care practice that offers 24/7 on-demand virtual care
• Access to Teladoc - on-demand healthcare via phone or video
• Access to Health Advocate - the nation's leading healthcare advocacy and assistance company
• Access to Calm App Subscription - the #1 app for meditation, relaxation, and sleep
• Access to Talk Space - the #1 rated, HIPAA-compliant app for online counselling and therapy services
• Continuous Training and Development, including access to Udemy Business
• Company-wide socials

Our mission.
We have one mission. To help businesses grow. To make data easier. And to make the world a better place. We're not a start-up. Not anymore. But we've not been around that long either. What we are is a collection of bright, passionate minds harnessing complexities and helping our clients and their communities. One culture, made of many. Heading in one direction - the future.

It's All About You.
We want you to feel welcome, valued, and respected—because it's your individuality and passion that make you Q. We see that, and we celebrate it. That's why we're proud to be an Equal Opportunity Employer.

We are committed to fostering an inclusive and diverse work environment, continuously improving to ensure everyone belongs. Our recruitment process is designed to be inclusive and accessible. If you need any reasonable adjustments or accommodations, please let our Talent Acquisition Team know—we're happy to assist.

No matter your race, beliefs, color, national origin, gender, sexual orientation, age, marital status, neurodiversity, or abilities—whoever you are—if you're a passionate, curious, and caring human eager to push the boundaries of what's possible, we want to hear from you.

start. don't stop - Apply

• Mid-Senior level

• Full-time

• Business Development and Sales
• Industries: IT Services and IT Consulting