Senior Governance, Risk and Compliance Analyst
Denver, CO - Information Technology - Eng Infrastructu
About this role
The GRC Senior Analyst will be responsible for leading the GRC team in achieving and maintaining compliance with key third-party certifications. You will work closely with system and control owners across the organization to document, update, and maintain control language, policies, procedures, and other essential documentation. Your role will involve significant interaction with third-party auditors and internal stakeholders, requiring superior written and verbal communication skills. You will also interface with customers, requiring a professional and positive attitude, particularly under pressure.
What you’ll be doing
Certification Support: Lead in the preparation, submission, and maintenance of key third-party certifications, including CMMC (Cybersecurity Maturity Model Certification) and assisting in SOC 2, ISO 27001, and other frameworks.
Documentation Management: Collaborate with system and control owners to document and update control language, policies, procedures, and other documentation required for certifications and audits.
Audit Lead: Serve as a primary point of contact during internal and external audits, effectively communicating with third-party auditors and ensuring audit requirements are met.
Cross-Functional Collaboration: Work closely with teams across the organization, including IT, security, and operations, to ensure all compliance-related activities are aligned with business goals and regulatory requirements.
Customer Interaction: Interface with customers to address compliance-related inquiries, providing clear and concise information with a professional demeanor.
Process Improvement: Continuously evaluate and improve GRC processes, ensuring they are efficient, scalable, and aligned with industry best practices.
Risk Management: Lead in identifying, assessing, and mitigating risks related to compliance, working with relevant stakeholders to implement necessary controls.
Compliance Monitoring: Maintain up-to-date knowledge of regulatory changes and ensure that the company’s policies and procedures remain compliant.
What you’ll have
Experience: 7+ years of experience in a GRC, compliance, or audit-related role, with a focus on CMMC, NIST, FedRAMP, or similar frameworks.
Communication Skills: Superior written and verbal communication skills, with the ability to interact professionally with auditors, customers, and internal teams.
Documentation Skills: Excellent attention to detail in documenting controls, policies, and procedures, with the ability to translate complex concepts into clear and actionable language.
Calm Under Pressure: Proven ability to remain calm, collected, and professional under pressure, particularly during audits and customer interactions.
Collaboration: Ability to work cross-functionally with various departments and teams to achieve compliance objectives.
At Udemy, we strive to be transparent around compensation. Actual compensation for this role is based on several factors, including but not limited to job-related skills, qualifications, experience, and specific work location due to differences in the cost of labor. In addition to a base salary, this role is also eligible for benefits and equity.
Hiring Compensation Range: $133,000—$166,000 USD
We understand that not everyone will match each of the above qualifications. However, we also realize that everyone has unique experiences that can add value to our company. Even if you think your background might not perfectly align, we'd love to hear from you!
- Location: Denver