Governance, Risk, Compliance & Trust Analyst

Everlaw · Oakland, CA
Full-time · On-site · 1d ago
Compliance · Documentation · Risk Management · SOC 2

Benefits

Vision insurance

Additional Information

At Everlaw, our mission is to promote justice by illuminating truth. We build technology that helps legal teams find the information they need to achieve their truth-finding goals. As a GRCT Analyst, you will independently drive moderately complex trust, compliance, and risk workstreams that help Everlaw scale responsibly and earn customer and regulator trust over time. This role sits at the intersection of customer trust, compliance operations, audit readiness, risk management, documentation quality, and cross-functional execution. You will help translate Everlaw's security and compliance posture into clear, accurate, audit-ready, and customer-ready outputs. You will also help the GRCT team operate in a way that reflects Everlaw's long-term philosophy: acting with integrity and discipline, paying attention to detail, improving process over time, setting a high bar for quality, and partnering with others in an egoless and respectful way.

This is a career-core individual contributor role for someone who can own work end to end with limited oversight, navigate ambiguity, communicate clearly with stakeholders, and improve how trust and compliance work gets done over time.

Getting started

We want you to feel like part of the team early on! Our onboarding process will integrate you into the company with informative sessions on our product, policies, processes, and team structure and goals. We're excited for you to learn, grow, and contribute right away! We trust that you'll bring experience and knowledge that will uplift and uplevel the team, but we don't expect you to know everything on Day 1.

In your role, you'll...

Compliance

Support audit readiness across core frameworks such as FedRAMP, SOC 2, and ISO 27001/27017/27018 by organizing evidence, maintaining documentation quality, and partnering with control owners to close gaps.

Manage compliance operations that require structured follow-through, including evidence requests, policy and procedure updates, control narrative maintenance, and recurring review cycles.

Partner cross-functionally with Security Engineering, DevOps, IT, Legal, People, Procurement, and other stakeholders to gather inputs, validate implementation details, and produce audit-ready or stakeholder-ready outputs.

Help maintain strong execution against defined compliance SLAs, milestones, and recurring obligations, escalating risks early and driving issues through resolution.

Translate technical, operational, and regulatory topics into clear written deliverables for internal and external audiences, including concise summaries of requirements, risks, tradeoffs, and recommendations.

Support internal risk and governance processes, including security impact analyses, change-related compliance reviews, and other structured review workflows as assigned.

Contribute to the on-going operation of the Public Sector Clearance Program, to include guiding new cohorts through the program, maintaining status and tracking open issues, and communicating program updates to Everlaw stakeholders.

Customer Trust

Manage customer security questionnaires, trust inquiries, and related diligence requests with minimal supervision, including researching answers, validating claims, gathering evidence, and producing accurate, customer-ready responses.

Maintain and improve customer-facing trust content across repositories, trust portals, knowledge resources, and standard response libraries so that recurring requests can be answered more consistently and efficiently.

Partner closely with Security Engineering, DevOps, Legal, GTM, Product, IT, and other stakeholders to collect inputs, resolve ambiguities, and ensure trust responses reflect current implementation and approved positioning.

Help maintain strong execution against trust-related SLAs and operating expectations, including turnaround time, response quality, and internal coordination on high-priority or high-visibility requests.

Identify gaps, inconsistencies, or stale content in trust materials and proactively drive updates so that customer-facing representations remain accurate, supportable, and easy to reuse.

Support broader trust enablement initiatives, including trust center improvements, evidence library maintenance, standardization of response content, and process improvements that reduce manual effort and rework.

Use workflow data and request trends to identify recurring customer concerns, bottlenecks, and improvement opportunities, then recommend practical changes to content, process, or tooling.

Manage customer security questionnaire and trust inquiry workflows with minimal supervision, including researching answers, synthesizing evidence, improving repository content, and helping stakeholders receive timely and accurate responses.

Vendor Reviews

Own end-to-end delivery of moderately complex vendor review workstreams, including intake review, scoping, dependency management, stakeholder coordination, and timely completion with limited

