Job Description: GRC Analyst

Location: New Delhi, India

Company: ThrivePass

About ThrivePass:

At ThrivePass, we empower organizations to offer benefits that truly matter. Our platform supports employee wellbeing, compliance, and growth through innovative technology, data-driven insights, and exceptional user experiences. Our culture is rooted in our CARE values:

- Courageous - We embrace new challenges and bold ideas.

- Authentic - We value transparency and show up as our true selves.

- Resourceful - We find creative solutions and make things happen.

- Excellent - We take pride in our work and hold ourselves accountable.

About the Role:

We are seeking a Senior Compliance Analyst to lead and maintain our adherence to global regulatory and industry standards, such as SOC 2 Type II ,ISO27001, GDPR, HIPAA, and CCPA. This role is crucial for supporting our audit-readiness, improving policy frameworks, and driving a company-wide culture of compliance. You'll work cross-functionally with internal teams and external auditors to ensure our systems and practices align with the latest compliance requirements.

Key Responsibilities:

Regulatory Compliance & Audit Readiness:

- Stay current with relevant regulations, including SOC 2, GDPR, HIPAA, and CCPA.

- Conduct regular gap assessments, develop remediation plans, and ensure ongoing compliance.

- Prepare documentation and coordinate with third-party auditors and assessors.

- Creating, reviewing, and updating internal policies, standards, and procedures to align with regulatory requirements and best practices.

- Manage compliance automation tools such as Vanta AI and complete vendor risk questionnaires.

- Evaluating the security posture and compliance of vendors and other third parties to minimize supply chain risks.

Business Continuity & Risk Management:

- Lead and document Business Continuity and Disaster Recovery (BCDR) testing.

- Support internal risk assessments and vendor management programs.

- Work with stakeholders to address gaps and exposures caused due to risks.

- Conducting risk assessments to identify, analyze, and evaluate potential threats to the organization's assets, operations, and reputation. This includes developing and implementing risk mitigation strategies and maintaining a risk register.

Training & Enablement:

- Promote a culture of compliance across the organization.

- Facilitate internal security awareness and compliance training programs.

- Act as a resource to teams on compliance-related matters without stalling innovation.

Program Oversight & Metrics:

- Define and track KPIs to measure compliance program effectiveness.

- Drive continuous improvements and ensure compliance is embedded in business processes.

- Support legal, IT, and product teams in evaluating data protection requirements.

- Preparing and presenting reports to management and stakeholders on the organization's risk and compliance posture.

Requirements:

Must-Have:

- Proven experience in a compliance, risk, or audit function.

- Strong knowledge of SOC 2, GDPR, HIPAA, CCPA, and vendor management.

- Familiarity with compliance tools like Vanta.

- Excellent communication and documentation skills.

- Experience working with cross-functional teams.

- Skilled in drafting and managing policies and procedures.

Nice-to-Have:

- Experience with security awareness platforms (e.g., KnowBe4).

- Familiarity with ITSM systems like Freshservice.

- Knowledge of AI/automation in compliance workflows.

- Relevant certifications: CISA, CRISC, or equivalent.

Why Join ThrivePass?

- Work in a fast-paced, mission-driven company with a meaningful product.

- Learn and grow through exposure to emerging tools and technologies.

- Be part of an inclusive, value-driven culture that prioritizes trust and impact.