Senior GRC Analyst

The user interface for universal knowledge capture. We want every atom of information that our users need to be at their fingertips.

Designed to be generally capable– it can tackle even the most complex tasks, citing answers over any amount of sources.   By showing its work, Hebbia empowers users to collaborate with AI on each step and validate responses instead of blindly trusting them.  Our mission is to put capable AI in the hands of 1 billion people by 2030.

Our business can’t function if customers don’t trust us with their data. As a skilled Security Governance, Risk & Compliance (GRC) Analyst, you will play a pivotal role in shaping the security landscape of Hebbia. Reporting directly to the Head of Security, you will contribute to the maturation of our security program by helping shift how we approach GRC. You will be crucial to the company’s SOC2 and GDPR compliance programs, as well as our client diligence obligations, ensuring we maintain clean certifications and meet our regulatory obligations not just through paperwork but by bringing an engineering mindset to bear.

Our team works 5 days/week onsite from our SoHo office in New York City. 

• Lead and manage the entire compliance program, including existing frameworks and new ones, ensuring the company remains certified and in good standing regarding CCPA, SOC 2, GDPR, etc.
• As a founding member on the security team, support the overall security program at Hebbia, including external vendor partners like penetration testing teams, adopting and architecting new security controls, etc
• Help identify and lead future compliance initiatives such as ISO 27001
• Develop and own security policies and guidelines in accordance with appropriate industry standards.
• Ensure excellent customer outcomes in the security due diligence realm, including evolving into a SME on supportive process improvement initiatives
• Provide regular updates and clear communication to leadership on the status of security initiatives, compliance, and ongoing risk management efforts.
• Develop and maintain public-facing trust pages to demonstrate security and compliance commitment

• Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent practical experience.
• 3+ years of experience in information security
• track record of developing, implementing, and managing security programs and policies.
• Strong understanding of regulatory frameworks such as SOC2, GDPR, ISO27001, and other relevant compliance programs, with hands-on experience in maintaining these certifications
• Prior experience with common risk and control frameworks such as NIST CSF, 800-53, and CIS
• Solid grasp of security best practices in corporate environments; demonstrate knowledge/proficiency in one or more fundamental security domains (e.g, infrastructure, application security, etc.)
• Expert with GRC tools and technologies, including compliance management partners like Vanta
• Strong communication skills, with a talent for translating complex risk concepts into actionable decisions
• A proactive, problem-solving mindset with a passion for staying ahead of the latest security trends and technologies.

The salary range for this position is set between $150,000 and $180,000. However, adjustments outside of this range may be considered for candidates whose qualifications significantly differ from those outlined in the job description. 

PTO: Unlimited

Insurance: Medical + Dental + Vision + 401K + Wellness Benefits

Eats: Catered lunch daily + doordash dinner credit 

Parental leave policy: 3 months non-birthing parent, 4 months for birthing parent

Fertility benefits: $15k lifetime benefit

New hire equity grant: competitive equity package with unmatched upside potential