GRC Analyst

From Fivetran’s founding until now, our mission has remained the same: to make access to data as simple and reliable as electricity. With Fivetran, customer data arrives in their warehouses, canonical and ready to query, with no engineering or maintenance required. We’re proud that more organizations continue to leverage our technology every day to become truly data-driven. About the Role At Fivetran, we're on a mission to make access to data as simple and reliable as electricity. Our fully automated platform moves data from 700+ sources to any destination reliably and securely — powering the analytics, AI, and decision-making that drives modern businesses forward. This role will be part of the GRC team. The Fivetran GRC team is responsible for ensuring the continuous integrity, confidentiality, and availability of customer data. Our customers trust us with their most sensitive information, and maintaining that trust is a critical, core component of both our product and our business. We are seeking a motivated and detail-oriented GRC Analyst to join our Security team. This role is ideal for a control-focused audit professional with a solid understanding of IT systems and infrastructure. Strong communication skills are essential, as is the ability to collaborate and influence across functions and levels of the organization. The position reports to the Director of GRC and will provide broad cross-functional exposure, working closely with teams across Security, Engineering, Operations, IT, and HR. This is a full-time position based in our Bangalore office. We offer a hybrid work model that blends remote flexibility with in-person collaboration, with two days per week in office. Technologies You’ll Use GRC platform for organizing, tracking, and managing controls, testing activities, and audit evidence Cloud platforms, including AWS, Azure, and GCP, for understanding and evaluating cloud-hosted environments and associated controls Jira for ticket management, workflow tracking, and cross-functional collaboration GitHub for version control and collaboration on security documentation and policy management Google Workspace for day-to-day productivity, documentation, and internal communication What You’ll Do Conduct control walkthroughs, testing, and evaluation of IT general controls and application controls across a complex systems landscape, with coverage spanning ISO 27001, PCI-DSS, SOC 1, SOC 2, and other applicable frameworks Partner with cross-functional teams to design, implement, and continuously improve control processes and related documentation Support third-party vendor assessments, evaluating vendors against established security and privacy standards and requirements Develop, maintain, and update Information Security Policies and Standards in alignment with industry best practices and regulatory obligations Participate in IT SOX scoping, risk assessment, and control design activities, contributing to the organization's overall internal control environment Prepare and deliver clear, accurate internal status reports to communicate control findings, remediation progress, and program updates to relevant stakeholders Skills We’re Looking For Demonstrated experience in security audit, IT audit, and risk management, with a strong understanding of control frameworks and audit methodologies Working knowledge of industry compliance frameworks, including NIST, ISO 27001, SOC 1, SOC 2, and PCI-DSS Familiarity with cloud technologies and environments, including one or more of GCP, AWS, and Azure, with an understanding of cloud-specific security and control considerations Strong analytical and technical problem-solving skills, with the ability to assess complex control environments and draw well-supported conclusions Proven ability to work collaboratively across functions, taking initiative and contributing constructively to shared team objectives Effective at managing multiple concurrent workstreams, with strong ... (truncated, view full listing at source)