Senior GRC Analyst (Hybrid)

at  Homebase

HI, FUTURE HOMIE!

As a Homie, you’ll be part of an unstoppable team that puts customers first, embraces each day with excitement, and strives for excellence in everything you do. We’re revolutionizing the way small businesses manage their teams and grow their business. What this means for you is a shared passion for innovation and making a difference for the people we serve. So what do you say, will you join us on our mission to empower small businesses?
Our Trust and Security team is a critical component of our organization, dedicated to safeguarding our systems, data, and customers. We have a broad scope of responsibilities encompassing application security, security operations, governance, risk, compliance (GRC), and corporate security. Collaborating closely with internal and external stakeholders, we are committed to delivering exceptional security and quality services and products. By upholding the highest standards, we ensure the protection of our customers’ trust and confidence.
As a Senior GRC Analyst, you will be a key member of our Homebase Trust and Security team, contributing significantly to the development and execution of our Governance, Risk, and Compliance (GRC) program. Reporting directly to the Security Engineering Manager, you will play a key role in shaping the future of our GRC and privacy initiatives.
We are seeking a highly motivated individual with a strong foundation in compliance, risk, and privacy. Your ability to bridge the gap between technical and business domains will be essential in driving effective GRC strategies. You will collaborate closely with engineering, operations, risk, financial, and leadership teams to identify, assess, and mitigate risks, ensuring alignment with regulatory requirements. A deep understanding of common technologies and systems will be crucial for fostering productive partnerships with our engineering teams.

DIVERSITY, EQUITY, AND INCLUSION AT HOMEBASE

At Homebase, we take pride in fostering a welcoming space where every Homie of every gender, age, orientation, culture and walk of life can be their full selves. Diverse perspectives empower us to build the best-in-class platform for small businesses and hourly shift workers. We recognize that experience comes in many forms, so if you think you’re close to what we’re looking for (even if you don’t meet 100% of the qualifications), we encourage you to apply!

ABOUT US

Our mission is to make hourly work easier for local businesses and hourly workers. Homebase currently serves more than 100,000 small (but mighty) businesses with everything they need to manage their hourly teams: employee scheduling, time clocks, payroll, team communication, hiring, onboarding, and compliance. Just don’t call us “Human Capital Management.” We have built tools for the busiest businesses, so owners and employees can spend less time on bullsh*t and more time on what matters. The Homebase team brings small business expertise from Intuit, Square, OpenTable, Yelp, Gusto, and First Data. Homebase is backed by leading venture investors Bain Capital Ventures, Baseline Ventures, Cowboy Ventures, Khosla Ventures, Plus Capital, and GGV Capital.
At Homebase, we value our differences, and we encourage all to apply. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Homebase is proud to be an equal opportunity employer and participant in the U.S. Federal E-Verify program. Accommodations will be provided during the hiring process if needed. Please advise us of any accommodations needed within your application to ensure fair and equitable access throughout the recruitment and selection process.

• Lead and conduct external audits (SOC 2, PCI DSS) to ensure compliance with security standards.
• Collaborate with control owners to automate evidence collection.
• Manage and implement internal controls to support business operations.
• Perform risk assessments, gap analyses, and control reviews to identify deficiencies and improvements.
• Address compliance inquiries and topics for customers.
• Monitor regulatory changes in GRC and drive necessary adjustments.
• Maintain and enhance security and compliance awareness programs.
• Develop, review, and update policies, standards, and procedures to align with regulatory requirements and best practices.
• Conduct risk assessments of third-party vendors, evaluate their security and compliance, and oversee remediation of identified vendor risks through collaboration.
• Conduct regular security risk assessments and develop risk mitigation plans.
• Maintain a risk register, tracking identified risks and mitigation strategies.
• Collaborate with operations to build and monitor a privacy program.
• Develop and produce security risk management reports for management.
• Track and report key risk and performance indicators (KRIs, KPIs).
• Manage and maintain the GRC tool, ensuring data accuracy.
• Lead and ensure the timely completion of critical tasks by internal teams.
• Manage internal and external trust resources.
• Contribute to scaling GRC practices by participating in team roadmaps.
• Collaborate effectively with departments such as IT, Legal, and HR to drive GRC initiatives.
• Act as the primary point of contact between the organization and external regulators or auditors.
• Build and maintain strong relationships with both internal teams and external stakeholders.