Doppler
Secrets Management
Senior GRC Analyst
“Senior GRC Analyst at Doppler. Skills: GRC platform, SOC 2, ISO 27001, Security policies. Maintain SOC 2 Type II and ISO 27001 certifications. Lead compliance work for next certifications”
What You'll Achieve.
Maintain Doppler's SOC 2 Type II and ISO 27001 certifications; Drive our next compliance initiatives; Building systems that reduce manual toil; Move us toward continuous compliance rather than point-in-time audits; Track remediation progress; Drive accountability across teams; Ensuring they're practical and consistently operating; Track and close findings; Respond to security questionnaires and RFPs promptly and accurately; Represent our compliance posture credibly; Amplify our reach to educate the market
Industry & Context.
Deficiency remediation; Risk identification sessions; Remediation progress tracking
What They're Looking For.
Must Have
5+ years in security, compliance, or GRC, direct ownership of SOC 2 Type II and ISO 27001 programs, run audit cycles, Hands-on experience with Vanta, Technical fluency, understanding of how auditors think, Experience supporting enterprise sales cycles, responding to complex security questionnaires, Excellent communication skills
Nice to Have
Startup or high-growth environment experience, Experience with developer tools or infrastructure security background, Experience with trust center management, Familiarity with secrets management, credential security, or PKI, PCI DSS and GDPR experience with self-attestation or certification work, Relevant certifications (CISA, CISSP, CISM, CRISC, or equivalent)
What You'll Do.
Maintain SOC 2 Type II and ISO 27001 certifications
Lead compliance work for next certifications
Evaluate additional certifications
Own GRC platform administration
Lead security working group
Design and maintain security controls
Coordinate penetration testing cycles
Author and maintain security policies
Support business continuity and disaster recovery governance
Respond to security questionnaires and RFPs
Participate in customer security reviews
Maintain public-facing trust documentation
Partner with sales on security-sensitive deals
Translate compliance status and risk posture
Lead security awareness and compliance training
Influence engineering and product roadmaps
How You'll Work.
Team & Collaboration
Work closely with engineering, product, sales, and customer success; Drive accountability across teams; Partner with sales on security-sensitive enterprise deals; Translate compliance status and risk posture into clear, non-jargon updates for leadership and cross-functional stakeholders; Lead security awareness and compliance training for internal teams; Influence engineering and product roadmaps where security controls intersect with product decisions
Communication Scope
Excellent communication skills across audiences; brief the CEO on risk posture; explain the same issue to an engineer in implementation terms
Process & Methodology
Audit coordination, Deficiency remediation, Gap assessments, Policy updates, Required documentation, Control mapping, Evidence workflows, Audit readiness, Risk identification sessions, Remediation progress tracking
How to Apply on Ashby
- Ashby is a fast modern ATS — most applications take under 3 minutes.
- The resume parser is strong; verify parsed experience dates and job titles.
- Custom screening questions are often scored algorithmically — answer completely.
- Location field affects geo-based screening; use your actual metro area.