GRC & Security Specialist - East Coast

Our story:

We’re anecdotes; a dynamic B-round startup founded in June 2020, who’s revolutionizing the Compliance Automation landscape for hyper-growth companies. At the heart of our mission is the belief that credible, visible, and actionable data should empower every GRC team's decision-making. Imagine a world where enterprises seamlessly collect and standardize data from hundreds of SaaS tools, cloud infrastructures, private networks, databases, and more. We bring that vision to life, providing continuous, real-time visibility into their Security Compliance posture.

What You'll Do:

• Assist in automating access revocation workflows to ensure timely and secure offboarding processes.
• Support configuration and monitoring of email security, including spam filters and phishing alerts.
• Track, escalate, research and triage InfoSec alerts and contribute to the development of continuous audit playbooks.
• Help define and maintain controls and evidence across compliance frameworks within Anecdotes platform ensuring completeness and ongoing monitoring.
• Routine upkeep of risk register, link risks to controls, and participate in regular risk review meetings.
• Create and monitor tasks tied to compliance requirements and controls within Anecdotes platform to support audit readiness and operational tracking.
• Conduct initial vendor security reviews and manage ongoing monitoring under the Vendor Management Framework.
• Support the creation and refinement of internal playbooks to guide recurring InfoSec and GRC processes.
  
  

Who You Are:

A detail oriented and curious professional eager to grow within the intersection of cybersecurity, GRC, and automation. You likely have:

• ISO27001 Lead Auditor, AI Security Fundamentals, ISC2 Certified in Cybersecurity, CompTIA Security+
• Completed Internal Audit, facilitated external audit - Must have
• Based in East Coast US - Must
• A strong interest in GRC, InfoSec, or IT operations, ideally with some academic or practical exposure.
• Foundational knowledge of compliance frameworks (e.g., SOC 2, ISO 27001, or NIST) or risk management principles.
• Familiarity with cloud environments, SaaS tools, or cybersecurity alerting is a plus.
• A proactive mindset with the ability to manage multiple tasks, follow through on assignments, and pay close attention to detail.
• Comfort working in a startup culture; adaptable, collaborative, and motivated to learn.
• Strong communication and documentation skills.
  
  

Above all, you're excited to join a company that's not only shaping the future of GRC but also values your voice, contributions, and professional development.

Our playground

anecdotes is a place where your ideas are heard, your contributions are valued, and your professional growth is a priority. Join us, and be part of a team that's not only shaping the future of GRC solutions but also redefining the way we work together.