About the role

Synthesia is the world’s leading AI video platform for business, used by over 90% of the Fortune 100. Founded in 2017, the company is headquartered in London, with offices and teams across Europe and the US. Following our recent Series E funding round (raised $200 million), our valuation stands at $4 billion.

We are looking for a GRC Analyst to help run and evolve our governance, risk, and compliance program in a way that is credible with technical teams and useful for the business. We are not looking for a traditional “paper compliance” role. The ideal candidate has a strong technical foundation and can bridge the gap between how systems are built and operated (GitHub, CI/CD, Kubernetes, cloud, observability) and what we need to demonstrate for audits, customers, and leadership.

You will work closely with Engineering, DevOps/Platform, Security, Legal, and customer-facing teams to keep us audit-ready, reduce risk in practical ways, and support the next wave of compliance efforts (for example ISO 22301, and longer-term options like HITRUST and FedRAMP).

What you'll be doing

GRC Program Ownership
- Own and continuously improve our GRC program across ISO 27001, SOC 2, ISO 27701, and ISO 42001, including control mapping and evidence expectations.
- Partner with control owners to make compliance repeatable and low-friction—evidence as a habit, not a scramble.
- Drive audit readiness: artifacts, timelines, action tracking, and clear control demonstration.
- Improve policies, standards, and procedures so they reflect how we actually operate.

Technical-to-Compliance Translation
- Build strong working relationships with DevOps/Platform and engineering teams.
- Evaluate technical implementations—branch protection, CI/CD, Kubernetes, cloud architecture, monitoring—well enough to ask good questions and validate evidence.
- Translate technical reality into clear audit narratives without losing accuracy.

Risk Management
- Contribute to risk identification and assessment across technical, operational, and vendor domains.
- Maintain risk registers and track mitigations to closure.
- Support leadership reporting by surfacing themes and trends that lead to real decisions.

Growth into Future Certifications
- Evaluate and prepare for ISO 22301, and potentially HITRUST and FedRAMP as business needs evolve.
- Identify gaps early and propose pragmatic roadmaps that engineering teams can execute.

We'd love to hear from you if you:
- Have a hands-on technical background (engineering, DevOps/SRE, IT management, or similar) and understand how cloud environments work, especially AWS.
- Can follow technical conversations well beyond what a traditional auditor can—you understand how the sausage is made.
- Have experience supporting audit cycles and know what good evidence looks like.
- Are organised, proactive, and can drive multiple workstreams independently—with clear, thoughtful communication across both technical and business audiences.
- Have technical aptitude: comfortable writing a simple script when needed, and experienced using AI and LLM tools in your work.

Bonus points if you:
- Have direct experience with ISO 27001, SOC 2, ISO 42001, or ISO 27701, or have worked in ISO 22301, HITRUST, or FedRAMP environments.
- Have used GRC tooling such as Vanta, Drata, or OneTrust.
- Have built lightweight automation to reduce compliance toil.
- Have worked in a fast-growing SaaS company and supported an external audit.

Why join us?
- Our culture: passionate about building; hire the smartest, kindest, and most unrelenting people; let them do their best work without distractions.
- Serving 50,000+ customers (and 50% of the Fortune 500): trusted by leading brands such as Heineken, Zoom, Xerox, McDonald’s, and more.
- Proprietary AI technology: built in-house since 2017 by a team of world-class AI researchers and engineers.
- AI Safety, Ethics and Security: People first. Always.

The hiring process
- 30-40min call with our Technical Recruiter
- 60mins call with the Hiring Manager about your past projects
- Take-Home Assignment
- 90mins Debrief with the Hiring Manager and our Head of Security

Other important info
- This is a remote role from the UK OR an EU country.
- This is full-time employment only—no contractors possible.
- You can view our benefits here.