TL;DR
GRC Senior Analyst (Security): Building and improving Notion's information security posture through governance, risk, and compliance, with an emphasis on coordinating evidence collection for compliance frameworks and maintaining security policies. Focus on using custom AI agents for automation to scale GRC programs and identifying security control gaps across the organization.
Location: Hybrid. Must work from San Francisco, California or New York, New York offices on Mondays, Tuesdays, and Thursdays.
Salary: $190,000–$210,000 per year
Company
Notion is a product company that provides a flexible workspace for documents, notes, projects, calendar, and email, integrating AI to enhance productivity for millions of users.
What you will do
- Coordinate evidence collection, manage timelines with internal partners, and support external auditors for compliance frameworks (e.g., SOX ITGCs, SOC 2 Type II, ISO, HIPAA, BSI C5).
- Help improve and maintain information security policies, controls, procedures, and standards for processes, applications, and infrastructure.
- Use and help build custom AI agents and automation to scale and mature Security GRC programs, such as automating evidence collection and control monitoring.
- Contribute to the development of dashboards and metrics for compliance and audit reporting.
- Implement and expand continuous control monitoring efforts using compliance automation tools.
- Identify gaps in security controls and collaborate with teams to strengthen them.
Requirements
- Bachelor’s or master’s degree in Computer Science, Information Technology, Management Information Systems, or Cybersecurity, or equivalent practical experience.
- Strong understanding of the governance, risk, and compliance (GRC) domain and its importance for organizational security and privacy.
- Familiarity with compliance automation tools (e.g., Anecdotes, Vanta) and cloud technologies (e.g., AWS, Wiz) and their relationship to risk and compliance.
- Ability to communicate complex ideas clearly to stakeholders and a collaborative mindset.
- Must work from Notion offices in San Francisco, California or New York, New York on Mondays, Tuesdays, and Thursdays.
- Curiosity and willingness to adopt AI tools to work smarter and deliver better results.
Nice to have
- Experience (typically 4-5+ years) in the GRC, risk, compliance, or audit domain.
- Working knowledge of Notion and how AI agents can be used to enhance GRC programs.
Culture & Benefits
- In-person collaboration is essential with required office attendance on Mondays, Tuesdays, and Thursdays.
- Highly competitive cash compensation, equity, and benefits are offered.
- Committed to providing reasonable accommodations for qualified individuals with disabilities.
- Proud to be an equal opportunity employer that values diverse backgrounds.
