openashbyhqgradient
Senior GRC Analyst
Benepass
LocationU.S Remote
WorkplaceFull
EmploymentFullTime
Posted2026-05-21T21:46:18.413+00:00
Last observed2026-06-13 05:23:14.169311
Job idgradient-benepass:ashbyhq:5da37f1d-9906-4ef6-bf5a-70c1940eb5c4
ABOUT US At Benepass we're making benefits easy. We believe people are the most important asset to any company. Traditional one-size-fits-all benefits packages no longer cut it in today's hybrid and remote-first environment. With Benepass, companies can tailor their benefits to the unique needs of their workforce. Through our easy-to-use and highly customizable fintech platform, People teams can implement, administer, and track the benefits that meet employees where they are. Employers design their benefits and perks plan by setting a contribution amount and eligible spend categories. Every employee has their own individual definition of wellness and needs different things to help them be their most productive, fulfilled self. OUR MISSION Helping companies reimagine how companies take care of their people. OUR INVESTORS We are backed by leading investors, including Centana Growth Partners, Portage Ventures, Threshold Ventures, Gradient Ventures, Workday Ventures, and Clocktower Technology Ventures. To date, the company has raised approximately $75 million in equity capital. ARTICLES - Founder Story - Jaclyn Chen https://bit.ly/3FpQ0ti - Benepass Raises $40M Series B https://getbenepass.com/blog/benepass-raises-40m-series-b-to-help-employers-redesign-benefits-for-rising-healthcare-costs CANDIDATE RESOURCES - Benepass | Candidate Resource Page https://docs.google.com/document/d/1_OTFvktl-2SoxPn_tkZzyHECSKM0V14hVZOy1ZdZ8zE/edit?usp=sharing - Benepass Listed on Inc. Magazine's Best Workplaces of 2023 https://bit.ly/3EAXv0Q TEAM & ROLE As a Senior GRC Analyst at Benepass, you will help operate and mature the governance, risk, compliance, audit readiness, and customer assurance programs that support our business, customers, and employees. You will work across security policies, internal controls, audit evidence, risk tracking, security questionnaires, and compliance operations. Reporting to the Head of Infosec & GRC, you will be a key individual contributor on a lean security team. You will partner closely with Security, Engineering, IT, People, Legal, Finance, Sales, Customer Success, and Product to make our security and compliance programs clear, practical, and reliable. You are detail-oriented, organized, and pragmatic. You know how to bring structure to ambiguity, communicate clearly with technical and non-technical stakeholders, and balance compliance rigor with the speed of a growing startup. ROLE LOCATION & TRAVEL This remote role is based in the United States or Canada. You will be expected to attend company-wide on-site events three to four times per year, as well as occasional on-site office travel as necessary. WHAT YOU'LL DO - Governance & Policy: Maintain and improve information security policies, standards, procedures, control documentation, and related governance materials. - Control Mapping: Help map policies and controls to frameworks such as SOC 2, ISO 27001/27002, HITRUST, NIST CSF 2.0, and other customer, regulatory, or security requirements. - Policy Operations: Support policy exceptions, risk acceptances, remediation tracking, control owner follow-ups, and recurring governance workflows. - Compliance & Audit Readiness: Support SOC 2, ISO 27001, and HITRUST readiness, audit preparation, evidence collection, auditor coordination, and audit response management. - Control Testing: Maintain recurring evidence-gathering and control testing workflows, helping ensure controls operate consistently across the business. - Findings & Remediation: Track audit findings, control gaps, remediation plans, owners, due dates, and closure evidence. - Risk Management: Support risk assessments, control gap assessments, internal reviews, and maintenance of the risk register. - Business Communication: Translate technical and security risks into clear business language, including mitigations, ownership, timelines, and residual risk. - Customer Assurance: Own or support customer security questionnaires, RFP security sections, due dilige
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.