This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
At Everlaw, our mission is to promote justice by illuminating truth. We build technology that helps legal teams find the information they need to achieve their truth-finding goals. As a GRCT Analyst, you will independently drive moderately complex trust, compliance, and risk workstreams that help Everlaw scale responsibly and earn customer and regulator trust over time. This role sits at the intersection of customer trust, compliance operations, audit readiness, risk management, documentation quality, and cross-functional execution.
Job Responsibility
Support audit readiness across core frameworks such as FedRAMP, SOC 2, and ISO 27001/27017/27018 by organizing evidence, maintaining documentation quality, and partnering with control owners to close gaps
Manage compliance operations that require structured follow-through, including evidence requests, policy and procedure updates, control narrative maintenance, and recurring review cycles
Partner cross-functionally with Security Engineering, DevOps, IT, Legal, People, Procurement, and other stakeholders to gather inputs, validate implementation details, and produce audit-ready or stakeholder-ready outputs
Help maintain strong execution against defined compliance SLAs, milestones, and recurring obligations, escalating risks early and driving issues through resolution
Translate technical, operational, and regulatory topics into clear written deliverables for internal and external audiences, including concise summaries of requirements, risks, tradeoffs, and recommendations
Support internal risk and governance processes, including security impact analyses, change-related compliance reviews, and other structured review workflows as assigned
Contribute to the on-going operation of the Public Sector Clearance Program, to include guiding new cohorts through the program, maintaining status and tracking open issues, and communicating program updates to Everlaw stakeholders
Manage customer security questionnaires, trust inquiries, and related diligence requests with minimal supervision, including researching answers, validating claims, gathering evidence, and producing accurate, customer-ready responses
Maintain and improve customer-facing trust content across repositories, trust portals, knowledge resources, and standard response libraries so that recurring requests can be answered more consistently and efficiently
Partner closely with Security Engineering, DevOps, Legal, GTM, Product, IT, and other stakeholders to collect inputs, resolve ambiguities, and ensure trust responses reflect current implementation and approved positioning
Help maintain strong execution against trust-related SLAs and operating expectations, including turnaround time, response quality, and internal coordination on high-priority or high-visibility requests
Identify gaps, inconsistencies, or stale content in trust materials and proactively drive updates so that customer-facing representations remain accurate, supportable, and easy to reuse
Support broader trust enablement initiatives, including trust center improvements, evidence library maintenance, standardization of response content, and process improvements that reduce manual effort and rework
Use workflow data and request trends to identify recurring customer concerns, bottlenecks, and improvement opportunities, then recommend practical changes to content, process, or tooling
Manage customer security questionnaire and trust inquiry workflows with minimal supervision, including researching answers, synthesizing evidence, improving repository content, and helping stakeholders receive timely and accurate responses
Own end-to-end delivery of moderately complex vendor review workstreams, including intake review, scoping, dependency management, stakeholder coordination, and timely completion with limited oversight
Conduct security and compliance reviews of third parties by gathering and analyzing documentation such as security questionnaires, architecture details, data flow information, attestations, policies, and contractual commitments
Evaluate vendor security posture against Everlaw requirements for confidentiality, integrity, availability, privacy, access control, incident response, change management, and regulatory obligations
Partner with Procurement, Legal, Security Engineering, IT, business owners, and other stakeholders to validate proposed use cases, clarify data access patterns, and ensure risks are understood before onboarding or renewal decisions are made
Help determine whether vendor controls, architecture, access models, and contractual terms are appropriate for the intended use case, and clearly document identified gaps, assumptions, compensating controls, and recommended next steps
Maintain strong execution against vendor review SLAs, queue expectations, and recurring review obligations, escalating blockers and higher-risk issues early
Own end-to-end delivery of moderately complex security training program workstreams, including planning, content coordination, stakeholder alignment, rollout tracking, and continuous improvement with limited oversight
Support the design, maintenance, and execution of security and compliance training required for Everlaw personnel, with particular attention to role-based, environment-specific, and regulatory training obligations
Maintain training content so it is accurate, current, and aligned with Everlaw policies, operational practices, and external requirements such as FedRAMP, CJIS, export control, and related obligations where applicable
Partner with GRCT, Legal, HR, Security, IT, and business stakeholders to gather subject matter input, validate training expectations, and ensure training materials reflect approved guidance and current operating reality
Coordinate recurring training cycles, onboarding-related assignments, acknowledgements, re-certifications, and related evidence collection so completion records are reliable, reviewable, and audit-ready
Help maintain strong execution against program deadlines, annual and periodic training obligations, and related audit or assessment requests by tracking status, identifying gaps early, and driving follow-through
Contribute to a training program that reinforces Everlaw principles by promoting disciplined execution, clear communication, respect for users, and a high bar for secure handling of sensitive data
Requirements
5+ years of experience working as an individual contributor with a Governance, Risk, Compliance and Trust team
Strong working knowledge of customer trust, compliance operations, risk, and the evidence and control narratives needed to support questionnaires, reviews, and audits
Experience supporting FedRAMP, SOC 2, ISO 27001/27017/27018, or similar compliance frameworks
Experience leading the completion of customer security questionnaires and working within trust portals, evidence repositories, or other GRC tooling software
Experience using workflow, metrics, or dashboard data to improve trust and compliance operations and to meet defined SLAs
Ability to independently research moderately complex questions, synthesize inputs from multiple stakeholders, and produce high-quality written deliverables with a high bar for clarity and accuracy
Ability to communicate complex topics simply and concisely, tailor communication to the audience, and navigate moderate disagreement while keeping focus on shared outcomes
Organized and reliable, maintain momentum across planned work and ad hoc requests, and escalate thoughtfully before risks become blockers
Ability to think beyond the immediate request and consider how current decisions affect future operations, compliance posture, and stakeholder experience
Comfortable operating in environments with some ambiguity, shifting priorities, and multiple stakeholders
Sound judgment, professional maturity, and a strong sense of accountability when handling sensitive or high-visibility work
What we offer
Equity program
401(k) retirement plan with company matching
Health, dental, and vision
Flexible Spending Accounts for health and dependent care expenses
Paid parental leave and approximately 10 days (80 hours) per year of sick leave
Seventeen paid vacation days plus 11 federal holidays
Membership to Modern Health to help employees prioritize mental health and wellness
Annual allocation for Learning & Development opportunities and applicable professional membership dues
Company-sponsored life and disability insurance
Work in Downtown Oakland, just steps from the BART line and dozens of restaurants
Powerful Linux laptop
Team lunches and out-of-the-box events
Ranked #1 on G2 for Ediscovery Software and Momentum
Free eDiscovery resources through Everlaw for Good
Time off for company-sponsored volunteer events and 4 paid hours per quarter to volunteer at a charitable organization