Sr. Cybersecurity GRC Lead

Natera

San Carlos, CA, USA
USD 135,800-169,800 / year
Posted on Aug 21, 2025

POSITION SUMMARY:

We are building a cybersecurity team for the future and are seeking an exceptional, business- and technology-savvy Senior Cybersecurity Governance, Risk, and Compliance (GRC) Lead to join our high-performing cybersecurity team in a fast-paced environment. The successful candidate must have strong passion for, and experience in, supporting business success in the GRC field. Candidates should bring 8+ years of hands-on GRC experience and a demonstrated ability to align risk management strategies with overarching business objectives. This pivotal role demands expertise in developing and executing GRC policies, SOPs, and best practices, conducting risk assessments, and ensuring compliance with a broad spectrum of regulations, including SOC2, ISO 2700x, HIPAA, GDPR, FDA, PCI-DSS, PMDA, and NIST. The role requires close collaboration with cross-functional teams to support business success.

The Senior GRC Analyst will be a linchpin in advancing Natera’s GRC programs, driving third-party risk management (TPRM), leading compliance audits, enforcing policy frameworks, delivering security training, and spearheading AI-powered automation to revolutionize our security posture. We require a bold innovator with deep AI proficiency and hands-on coding expertise to design and deploy cutting-edge GRC automation solutions.

PRIMARY RESPONSIBILITIES:

  • Third-Party Risk Management (TPRM) & Vendor Governance: Partner closely with business and legal teams to enforce security standards across vendor engagements. You will own, author, and elevate the TPRM policy and playbook, integrating processes, technology, and stakeholder collaboration to maximize efficiency, scalability, and risk reduction. Conduct thorough third-party security risk assessments and ensure unwavering vendor compliance.

  • Regulatory Compliance Governance & Audit Support: Act as a relentless advocate for compliance with SOC2, PCI-DSS, HIPAA, FDA, and ISO 27001 frameworks through proactive monitoring, process enhancements, and consistent updates. Maintain defensible audit documentation, coordinate with auditors, and stay ahead of regulatory changes to safeguard internal controls.

  • Policy Management & Process Improvement: Take charge of the security policy portfolio, driving an annual refresh process that ensures timely updates, compliance alignment, and robust stakeholder buy-in. Track exceptions and enforce corrective actions to optimize policy impact.

  • Security Awareness & Training: Design and roll out compelling quarterly cybersecurity training for all employees, lead phishing simulations to harden resilience, and develop targeted compliance education materials. Track and report metrics.

  • GRC Technology & Automation: Harness your advanced programming and security automation skills to build AI-driven solutions that transform compliance processes. You must demonstrate a deep understanding of AI applications in GRC, develop deployment strategies, and integrate security tools to fortify our framework.

QUALIFICATIONS:

  • Experience: Candidates must have 10+ years of direct experience in GRC, cybersecurity risk management, or regulatory compliance, with a proven track record of engaging vendors, regulators, auditors, and engineers. Legal experience is a plus but not required.

  • Skills:

    • Expert knowledge in compliance frameworks (SOC2, FDA, PCI-DSS, HIPAA, ISO 27001, NIST) and third-party risk management.

    • GRC platforms, security awareness tools, and automation technologies.

    • Exceptional business communication and influence to drive stakeholder alignment.

    • Results-driven. Exceptional analytical and problem-solving skills to evaluate risk and control effectiveness.

    • Good to Have: An out-of-the-box thinker and innovator. AI-savvy, with hands-on coding ability to innovate and build next-generation GRC automation; passion for disruption is a must.

  • Education & Certifications: A Bachelor’s degree in Information Security, Risk Management, Computer Science, or Business Administration is mandatory; a Master’s degree in IT, Cybersecurity, or Business is required. Professional certifications such as CISA, CISM, CISSP, or CRISC are strongly preferred.

  • Excellent organizational and communication skills (written and verbal) with demonstrated ability to effectively present to both internal and external customers.

  • Effective time management skills required, with a demonstrated ability to assess and prioritize opportunity.

  • Must act with a sense of urgency, with a focus on closing business.

  • Have the ability to assess the needs of medical professionals and staff members with a focus on consultative sales, coordination of logistics, and problem solving.

  • Have a strong desire to work in a startup-like environment and must work independently with an internal drive to be successful.

The pay range is listed and actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, certifications and specific office location. This may differ in other locations due to cost of labor considerations.
Remote USA
$135,800 - $169,800 USD

OUR OPPORTUNITY

Natera™ is a global leader in cell-free DNA (cfDNA) testing, dedicated to oncology, women’s health, and organ health. Our aim is to make personalized genetic testing and diagnostics part of the standard of care to protect health and enable earlier and more targeted interventions that lead to longer, healthier lives.

The Natera team consists of highly dedicated statisticians, geneticists, doctors, laboratory scientists, business professionals, software engineers and many other professionals from world-class institutions, who care deeply for our work and each other. When you join Natera, you’ll work hard and grow quickly. Working alongside the elite of the industry, you’ll be stretched and challenged, and take pride in being part of a company that is changing the landscape of genetic disease management.

WHAT WE OFFER

Competitive Benefits - Employee benefits include comprehensive medical, dental, vision, life and disability plans for eligible employees and their dependents. Additionally, Natera employees and their immediate families receive free testing in addition to fertility care benefits. Other benefits include pregnancy and baby bonding leave, 401k benefits, commuter benefits and much more. We also offer a generous employee referral program!

For more information, visit www.natera.com.

Natera is proud to be an Equal Opportunity Employer. We are committed to ensuring a diverse and inclusive workplace environment, and welcome people of different backgrounds, experiences, abilities and perspectives. Inclusive collaboration benefits our employees, our community and our patients, and is critical to our mission of changing the management of disease worldwide.

All qualified applicants are encouraged to apply, and will be considered without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, age, veteran status, disability or any other legally protected status. We also consider qualified applicants regardless of criminal histories, consistent with applicable laws.

If you are based in California, we encourage you to read this important information for California residents.

Link: https://www.natera.com/notice-of-data-collection-california-residents/

Please be advised that Natera will reach out to candidates with a @natera.com email domain ONLY. Email communications from all other domain names are not from Natera or its employees and are fraudulent. Natera does not request interviews via text messages and does not ask for personal information until a candidate has engaged with the company and has spoken to a recruiter and the hiring team. Natera takes cyber crimes seriously, and will collaborate with law enforcement authorities to prosecute any related cyber crimes.

For more information:
- BBB announcement on job scams
- FBI Cyber Crime resource page