GRC Analyst

About your role

Rocket Lawyer continues to rapidly grow its business into the legal tech world, leveraging our quickly developing AI technology. As part of this continued growth, more analysis is made by each of our customers on Rocket Lawyer’s security practice from a GRC standpoint. Additionally, as we continue to grow, our risk profile grows and must be managed appropriately.

Rocket Lawyer is looking for a motivated individual with a strong fundamental understanding of GRC to mature our program, along with the continued company growth. In 2025, we established our first proper GRC function on our journey to obtaining our first SOC2 Type II certification as a business. In 2026, we plan to obtain an ISO 27001 certification in addition to streamlining and building out all of our controls, as well as more closely staying on top of company risks.

How you will make a difference day to day

Risk Identification and Monitoring

• Assist in identifying, assessing, and tracking risks across IT and enterprise functions.

• Maintain risk register in GRC and CRQ tools, ensuring business understanding of all existing risks.

• Perform threat modeling across different business applications.

• Support maintenance of the enterprise risk register and dashboards used by leadership.

Governance and Compliance Support

• Help draft, organize, and maintain policies, standards, and procedures.

• Analyze, recommend, and implement security best practices.

• Support compliance awareness campaigns and training that promote a culture of risk accountability.

Framework Alignment

• Learn and assist in mapping controls to frameworks such as SOC2, NIST CSF, COBIT, ISO 27001, GDPR, CCPA, and ISO 42001.

• Crosswalk and harmonize controls across multiple compliance frameworks.

• Support tracking and validation of control effectiveness through GRC tools or reports.

Collaboration and Reporting

• Partner with security leadership to prepare reports, metrics, and presentations for management.

• Contribute to meetings with stakeholders across Legal, Finance, IT, and Operations.

• Work with sales teams to respond to customer questionnaires for RL Security.

• Responsible for reviewing vendor risk profiles and approving vendors for use at RocketLawyer.

Operational Support and Learning

• Provide day-to-day administrative and research assistance to the security team.

• Demonstrate initiative, curiosity, and a commitment to learning risk and compliance fundamentals.

Cross-Functional Security Responsibilities

• While GRC is the primary focus of this role, Rocket Lawyer’s security team must be nimble and cross-trained across multiple disciplines.

• You will likely be asked to learn tools that are not focused on GRC to provide backup if other team members are not around, or to just expand your knowledge and provide additional coverage.

• All team members are expected to join team calls and contribute to the team’s overall success, regardless of whether a given topic is specific to their titled role.

What you’ll need

• Bachelor’s or Graduate degree in Cybersecurity, Information Systems, or a related field, or relevant job experience.

• 1-3 years of relevant experience (cybersecurity, audit, risk, compliance, GRC).

• Solid understanding of fundamental security and IT concepts (access controls, data retention, change management, etc.).

• Familiarity with major security and privacy frameworks (ISO, NIST, SOC 2, HIPAA, etc.).

• Strong critical thinking, organization, and communication skills.

• Ability to balance multiple projects and deadlines with exceptional follow-through.

• Technical aptitude — you’re curious, you learn fast, and you don't shy away from new tools.

• A passion for cybersecurity and a commitment to helping companies build safer, stronger environments.

• Strong understanding of global data protection laws and regulations (e.g., GDPR, CCPA) and their technical implications.

• Strong analytical, problem-solving, and communication skills, with the ability to work effectively across cross-functional teams.

• Industry certifications (e.g., CISSP, CISA, CISM) are a plus.

Not sure if you meet all the qualifications? Apply anyway! We value diverse experiences and encourage you to bring your unique talents to our team!

Benefits & Perks

• Comprehensive health plans (including Medical, Dental, and Vision insurance for full-time employees)
• Unlimited PTO
• Competitive salary packages
• Life insurance
• Disability benefits
• Supplemental Optional Life Insurance Benefits
• FSA Options Optional
• HSA with Company Match
• 401k program with Company Match
• Wellhub & ClassPass fitness platforms
• Comprehensive Pet Insurance options
• Financial Wellbeing & Student Loan Program access
• Access to additional Mental Health & Wellbeing resources
• Pre-tax Commuter/Transit Benefits
• Free Rocket Lawyer account with online access to an extensive legal documents library and brilliant licensed attorneys at discounted rates. 

Interview Process

• Recruiter Phone Screen
• Role Assessment(s)
• Hiring Manager Interview
• Panel Interviews
• Final Interview