Senior GRC Analyst
Occupations:
Compliance Managers, Information Security Analysts, Compliance Officers, Security Management Specialists, Regulatory Affairs Specialists

Industries:
Continuing Care Retirement Communities and Assisted Living Facilities for the Elderly, Individual and Family Services, Educational Support Services, Home Health Care Services, Employment Services

Application Deadline: 5 June 2026
Department: Security
Employment Type: Full Time
Location: Napa
Reporting To: Stephen Hicks
Compensation: $110,000 - $140,000 / year

Description

Location: This is a remote position; however, candidates must work in the Pacific Time Zone.

You’re the kind of person who helps others succeed.

You’re sharp, resourceful, and calm under pressure—the one people count on when technology misbehaves. You love solving problems, restoring order, and creating moments where others can breathe again because you’ve got it handled.

But lately, you might be craving a team that matches your standards—where doing great work and helping others thrive go hand in hand.

That’s where Endsight comes in.

Who We Are

Endsight is a fast-growing IT Managed Service Provider built on one core belief: When we help others thrive, we thrive too.

We partner with small and mid-sized organizations—including nonprofits—to ensure their technology performs flawlessly so they can focus on what they do best.

We’re a team that learns fast, leans in, and looks out for one another. Life here feels like being part of a great university—you’ll grow quickly, connect deeply, and do work that truly matters.

About The Role

Endsight is looking for a Senior Compliance & Governance Analyst to help clients navigate cybersecurity compliance, governance, and risk management with clarity and structure.

This role serves as a primary security and compliance point of contact for Endsight clients, especially MSSP clients with elevated compliance needs. It also supports Endsight's internal governance and data protection efforts.

This is a client-facing advisory, coordination, and implementation role. Endsight is not an auditing firm and does not perform formal audits. Instead, this position helps clients prepare for, understand, and manage compliance efforts across frameworks such as CMMC, ISO 27001, HIPAA, SOC 2, CIS, and NIST.

The ideal candidate is organized, highly communicative, strong in technical writing, comfortable managing multiple stakeholders, and able to translate complex compliance requirements into practical next steps.

Purpose -- What You'll Do

- Serve as the primary compliance and governance contact for assigned MSP and MSSP clients.
- Guide clients through compliance readiness efforts, including planning, documentation, policy development, evidence preparation, and auditor-facing coordination.
- Own the onboarding and ongoing service experience for compliance-focused MSSP clients.
- Prepare and deliver compliance-focused security QBRs, cadence calls, and client status updates.
- Write, update, and maintain Written Information Security Programs, security policies, governance documentation, and related client-facing materials.
- Help scope, coordinate, and manage compliance and security projects to ensure work is scheduled, communicated, and delivered on time.
- Support Microsoft Purview, data governance, sensitivity labeling, and Bronze/Silver/Gold data classification initiatives for Endsight and its clients.
- Advise internal leaders on compliance, governance, data protection, and risk management needs.
- Coordinate with security analysts, Client Strategy Managers (CSMs), consultants, leadership, and client stakeholders to keep compliance work moving.
- Participate in customized cybersecurity awareness training efforts for clients.
- Support the security team's shared SOC alert and on-call process by assisting with initial triage and communication when needed.

This is not a hands-on technical support role.

This role is expected to be approximately:

| Estimate | Focus Area |
| 40% | Client-facing MSSP compliance and governance work |
| 25% | Internal compliance and governance support |
| 20% | Research, development, and service improvement |
| 15% | Administrative coordination, scheduling, and documentation |

These percentages are estimates and may shift based on client needs, internal priorities, and service development goals.

What Success Looks Like

- Clients clearly understand where they stand, what comes next, and what Endsight is doing on their behalf.
- Compliance work is organized, scheduled, tracked, and communicated effectively.
- Policies, WISPs, QBRs, status updates, and client documentation are accurate, practical, and delivered on time.
- Internal and external stakeholders trust you as a calm, clear, and knowledgeable compliance resource.
- Endsight's compliance and governance practice continues to mature through better process, documentation, and client experience.
- You can balance client advocacy with realistic guidance, especially when expectations need to be reset.

Skills, Knowledge and Expertise

Required Qualifications

- Bachelor's degree and 6+ years of relevant experience, or 10+ years of IT, cybersecurity, compliance, or governance experience in lieu of a degree.
- Experience advising clients or internal stakeholders on security governance, compliance readiness, and risk management.
- Working knowledge of compliance and security frameworks such as NIST, CIS Controls, SOC 2, ISO 27001, HIPAA, and/or CMMC.
- Minimum 2 years of experience with Microsoft Purview, including data governance, sensitivity labeling, information protection, or related Microsoft 365 compliance capabilities.
- SC-401 passed within three months of hire or previously attained. Endsight will pay for training and exams if not previously completed.
- CCP certification within six months of hire or previously attained. Endsight will pay for training and exams if not previously completed.
- Strong technical writing skills, including the ability to create policies, security program documentation, status reports, and executive/client-facing communications.
- Excellent communication, organization, collaboration, and follow-through.
- Ability to manage competing demands across clients, internal teams, and leadership priorities.
- Strong attention to detail.
- Ability to work independently in a remote environment.
- Self-motivated, proactive, and comfortable moving work forward without constant direction.
- U.S. citizenship.

Preferred Qualifications

- Current CCP and Microsoft SC-401 certification.
- CISA, CISM, CISSP, or similar governance, risk, compliance, or security certification.
- Experience in an MSP, MSSP, consulting, or client-facing security services environment.
- Experience supporting clients through CMMC, ISO 27001, HIPAA, SOC 2, or other regulated compliance efforts.
- Familiarity with security QBRs, client roadmaps, compliance reporting, and executive-level risk communication.
- Ability to turn complex requirements into practical plans, visuals, summaries, and client-ready explanations.
- Strong analytical and problem-solving skills.
- Genuine curiosity for cybersecurity, governance, and continuous improvement.

Benefits

- Medical: Company pays 100% of the base plan for the employee and family
- Dental & Vision
- 401(k) with employer matching
- Accrued Paid Time Off
- 9 Paid Holidays
- Career Pathing