Senior Security GRC Analyst

Join us in building the future of finance. Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading. About the team + role We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards. The Security GRC (Governance, Risk, and Compliance) team’s mission is to ensure Robinhood meets its “Safety Always” commitments through disciplined risk management, resilient control environments, and effective governance practices. We work closely with Information Security, Technology, Corporate Engineering, Enterprise Risk, and Compliance teams to maintain strong oversight of risk across the organization. Our team supports global regulatory alignment while enabling the business to build compliant, secure products efficiently. As a Senior Security GRC Analyst, you will focus on risk management across Information Security, Technology, and Corporate Engineering. You will conduct risk assessments, evaluate control effectiveness, support regulatory exams and audits, and provide clear reporting on risk posture. You will help strengthen how Robinhood manages risk across multiple regulatory environments through a centralized enterprise approach. This role offers exposure to international expansion efforts and the opportunity to contribute to automation and AI initiatives that improve control testing, reporting, and governance processes. The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations. Applications for this role will be accepted through April 10, 2026 . What you’ll do Conduct risk assessments for security exceptions and issues across Information Security, Technology, and Corporate Engineering, and recommend appropriate risk treatment actions. Perform security and technology control testing, including evaluating control design and operating effectiveness, and track remediation through closure. Partner with engineering leaders and entity CISOs to provide clear reporting on risk posture and alignment with enterprise standards and regulatory requirements. Support regulatory exams, audits, and due diligence activities, including SOC and ISO engagements, and coordinate responses across internal contributors. Monitor and report on risk metrics and trends to identify gaps, improve processes, and strengthen governance and resilience practices. Contribute to automation and AI-enabled improvements within the GRC function to streamline control testing, reporting, and risk management workflows. What you bring Bachelor’s degree in Computer Science, Engineering, Information Systems, Finance, or a related field, or equivalent practical experience. 5+ years of experience in security, technology risk, audit, or governance, risk, and compliance within a regulated industry (e.g., financial services, insurance, healthcare, legal). Experience conducting control testing, risk assessments, and supporting regulatory exams, including familiarity with SOC 2 and ISO frameworks. Understanding of how policies and standards support risk management and regulatory compliance, and experience managing exception governance processes. Ability to communicate effectively with senior leaders, including Directors and above, and guide discussions on risk posture and reme ... (truncated, view full listing at source)