Job Description
We're building a Cybersecurity GRC SaaS platform and need an experienced Cybersecurity Analyst to join us in a part-time capacity. This role is focused on content strategy, research, and data modeling—not operations. You will help shape the foundational knowledge, data structures, and default content that drives the application experience for our end users. --- RESPONSIBILITIES --- - Conduct research across leading cybersecurity frameworks and regulations (e.g. NIST CSF 2.0, ISO 27001, SOC 2, SEC Cyber Rules, etc.) - Identify and extract reusable control mappings, risk scenarios, and governance practices from frameworks and regulatory standards - Develop structured risk catalogs, control sets, issue libraries, and policy templates for use within the application - Create baseline datasets for third-party risk assessments, internal risk registers, and compliance gap analysis - Research industry benchmarks, key risk indicators (KRIs), and risk scoring models to support application dashboards - Assist in structuring and writing in-app guidance text or tooltips based on framework best practices - Collaborate with the founder and development team to model how users interact with this data within the product --- REQUIREMENTS --- - Proven experience working in cybersecurity GRC roles, ideally in both consulting and in-house capacities.
- Strong understanding of risk management, third-party/vendor risk management, and policy lifecycle processes - Strong familiarity with regulatory and compliance frameworks such as NIST CSF, ISO 27001, SOC2, SEC Cybersecurity Rules, etc. - Strong analytical and organizational skills—you enjoy untangling complexity and distilling clear structures - Excellent research and writing skills—must be able to produce polished and usable content for product implementation - Experience working in startups or fast-moving environments is a plus
This is an ideal role for a proactive and detail-oriented GRC expert who enjoys building something from the ground up.
We’re not looking for passive check-the-box consultants—we want strategic thinkers who can take initiative and help us create a product that delivers real value to cybersecurity teams and consultants. To be considered, please record a short Loom (or similar) video introducing yourself, walking through a relevant work example, or describing your approach to building GRC content libraries. Applications without a video will not be considered. Apply tot his job