Senior Staff Analyst - GRC
Mozilla
Job Description
Senior Staff Analyst - GRC at Mozilla
Join Mozilla as a Senior Staff Analyst in our Governance, Risk, and Compliance (GRC) team. In this role, you will help shape our GRC framework, ensuring that we maintain a safe and secure internet for everyone.
About the Role
This position is part of the Security Function within Mozilla's Infrastructure team. You will define, develop, and implement a GRC framework for both our Enterprise and Product verticals. Your work will align security, privacy, regulatory, and risk management initiatives across the organization. We are looking for a collaborative leader with expertise in information security and regulatory compliance.
What You'll Do
- Governance: Develop and maintain a comprehensive GRC strategy and roadmap aligned with business objectives. Lead the creation and enforcement of standards, policies, controls, audits, and reporting across various enterprise and product verticals.
- Risk Management: Develop and operationalize a risk assessment and management framework to prioritize and remediate critical issues. Define and deliver measurable scorecards and metrics for data-driven decision-making.
- Compliance: Ensure compliance with various regulatory standards and frameworks (ISO, NIST, SOC2, CCPA, GDPR, etc.). Lead internal and external audit activities, tracking and resolving deficiencies and remediations.
- Collaboration: Partner closely with Legal, IT, Finance, and Security to align on the GRC program and deliver a cohesive integrated risk management framework.
- Data Management: Define requirements and reporting for data lifecycle management across enterprise and product domains, working with the data platform and legal teams.
What We're Looking For
- 10+ years of experience in developing and delivering an integrated GRC framework.
- Strong understanding of regulatory frameworks, processes, and tools related to GRC.
- Experience leading cross-functional requirements for product and enterprise teams to implement compliance controls.
- Relevant industry certifications (CISA, CISSP, CISM, CRISC, etc.).
- Hands-on understanding of various technologies and tools (SIEM, BI Tools).
- Ability to develop Root Cause Analysis (RCA) and remediation plans with stakeholders.
- Strong critical thinking skills and the ability to drive long-term organizational impact.
- A proactive approach with the ability to navigate constraints to achieve business outcomes.
- Ability to collaborate and influence diverse stakeholders to address challenges and lead change.
What We Offer
- Generous performance-based bonus plans for eligible employees.
- Rich medical, dental, and vision coverage.
- Generous retirement contributions with 100% immediate vesting.
- Quarterly all-company wellness days.
- Country-specific holidays plus a day off for your birthday.
- One-time home office stipend.
- Annual professional development budget.
- Quarterly well-being stipend.
- Considerable paid parental leave.
- Employee referral bonus program.
- Other benefits (life/AD&D, disability, EAP, etc. - varies by country).
About Mozilla
At Mozilla, you have the opportunity to make a difference in the lives of web users everywhere. We create technology that prioritizes people and their privacy. Join us in making the internet a healthier and happier place for everyone.
Commitment to Diversity, Equity, and Inclusion
Mozilla values diverse creative practices and believes that diversity, equity, and inclusion are essential to our mission. We encourage applications from everyone, including members of all equity-seeking communities.
We ensure qualified individuals with disabilities receive reasonable accommodations during the application or interview process. Please contact us at hiringaccommodation@mozilla.com to request accommodation.
We are an equal opportunity employer and do not discriminate based on race, religion, gender, disability, sexual orientation, age, or any other characteristic protected by law.
Req ID: R2956
Hiring Ranges: