Senior GRC Analyst
About the role
Why Join Doppel
Doppel is built to outsmart one of the great threats AI presents: mass-manufactured social engineering. Countless scams, deepfakes, and other social engineering attacks are surging across every digital channel: websites, social media, ads, encrypted messaging apps, mobile, and more.
Our mission is simple but bold: make the internet a safer place by outsmarting the world’s fastest-evolving digital threats.
Backed by top-tier investors and trusted by some of the world’s most recognized brands, Doppel is growing fast. If you’re driven to solve real-world problems with bold technology, we’d love to meet you.
What We're Looking For
We’re seeking a Senior Governance, Risk & Compliance (GRC) Analyst to lead our certification and assurance programs, owning SOC 2 end‑to‑end and driving ISO 27001, ISO 27701, and ISO 42001 audit preparation and ongoing maintenance. You’ll be the program lead partnering with Security, Engineering, IT, Legal, and Sales to keep controls effective, risks managed, and customer trust high.
What You'll Do
- Lead audits & certifications: Own preparation, execution, and ongoing maintenance for ISO 27001, ISO 27701, ISO 42001, and SOC 2, including gap analyses, remediation, evidence collection, auditor coordination, and management system documentation.
- Manage enterprise risk: Operate the security and enterprise risk program, maintain the risk register, perform system/vendor/AI risk assessments, and drive remediation and risk acceptance processes.
- Ensure control effectiveness: Design and execute control testing, track exceptions and corrective actions, and streamline compliance across frameworks (ISO, SOC 2, NIST, GDPR/CPRA, PCI, HIPAA/HITRUST).
- Oversee access governance: Lead periodic access reviews, enforce least-privilege and joiner/mover/leaver controls, and monitor privileged account usage.
- Drive vendor & third-party risk management: Conduct due diligence, risk tiering, contract security/privacy requirements, and ongoing monitoring of critical suppliers and partners.
- Support customer trust: Own security and privacy questionnaires, RFP responses, and Trust Center content; engage with customers and sales teams to communicate our security posture.
- Advance governance & privacy: Maintain the policy lifecycle, role-based training, and privacy processes.
- Enhance resilience & reporting: Support incident response exercises, business continuity/disaster recovery testing, and deliver dashboards/metrics on risks, controls, access reviews, vendor posture, and audit readiness.
Minimum Requirements
- 5–7+ years in GRC, audit, or risk. At least 3+ years leading ISO 27001 certification/surveillance cycles and SOC 2 Type II audits; hands‑on experience with ISO 27701 and ISO 42001 or equivalent AI governance programs.
- Proven ownership of SOC 2 programs (scope, controls, evidence, auditor management) and continuous compliance in cloud‑first environments (AWS/Azure/GCP, SaaS).
- Strong command of management systems (ISMS/PIMS/AIMS), Trust Services Criteria, control testing, sampling, and evidence sufficiency.
- Practical experience running access certifications, vendor risk reviews, and customer security questionnaires/RFPs at scale.
- Familiarity with privacy and data governance (GDPR/CPRA), and secure SDLC/change management.
- Comfortable with GRC tooling and automation, ticketing and collaboration workflows, and basic scripting/queries to pull evidence when needed.
- Clear communicator who can instill a culture of accountability.
Join Doppel
Doppel is the first platform built to dismantle digital deception at scale. We scan over 150 million entities daily and deploy continuously adaptive AI SOC agents, paired with expert human analysts, to uncover and disrupt the infrastructure behind phishing, impersonation, and online fraud before attacks can spread. Our Threat Grid turns every customer signal into shared intelligence, making each disruption smarter, faster, and more effective.
We’re not just another cybersecurity company. We’re defining the future of social engineering defense, where trust is protected, and deception becomes unprofitable. Backed by top-tier investors and trusted by some of the world’s most recognized brands, Doppel is growing fast. If you’re driven to solve real-world problems with bold technology, we’d love to meet you.
Compensation Range: $120K - $140K
About Doppel Farmaceutici
Doppel Farmaceutici is an Italian Company operating in the pharmaceutical market with competence, seriousness and reliability, since 1994.
Since the beginning, Doppel chose to be a “Partner in Outsourcing” for its Customers, able to take care of the whole life of Customer’s products (from the formulation, to development, up to marketing and post-marketing controls and analysis). Doppel can also support its Customers offering services, products and advice complementary to pharmaceutical production.
Senior GRC Analyst
About the role
Why Join Doppel
Doppel is built to outsmart one of the great threats AI presents: mass-manufactured social engineering. Countless scams, deepfakes, and other social engineering attacks are surging across every digital channel: websites, social media, ads, encrypted messaging apps, mobile, and more.
Our mission is simple but bold: make the internet a safer place by outsmarting the world’s fastest-evolving digital threats.
Backed by top-tier investors and trusted by some of the world’s most recognized brands, Doppel is growing fast. If you’re driven to solve real-world problems with bold technology, we’d love to meet you.
What We're Looking For
We’re seeking a Senior Governance, Risk & Compliance (GRC) Analyst to lead our certification and assurance programs, owning SOC 2 end‑to‑end and driving ISO 27001, ISO 27701, and ISO 42001 audit preparation and ongoing maintenance. You’ll be the program lead partnering with Security, Engineering, IT, Legal, and Sales to keep controls effective, risks managed, and customer trust high.
What You'll Do
- Lead audits & certifications: Own preparation, execution, and ongoing maintenance for ISO 27001, ISO 27701, ISO 42001, and SOC 2, including gap analyses, remediation, evidence collection, auditor coordination, and management system documentation.
- Manage enterprise risk: Operate the security and enterprise risk program, maintain the risk register, perform system/vendor/AI risk assessments, and drive remediation and risk acceptance processes.
- Ensure control effectiveness: Design and execute control testing, track exceptions and corrective actions, and streamline compliance across frameworks (ISO, SOC 2, NIST, GDPR/CPRA, PCI, HIPAA/HITRUST).
- Oversee access governance: Lead periodic access reviews, enforce least-privilege and joiner/mover/leaver controls, and monitor privileged account usage.
- Drive vendor & third-party risk management: Conduct due diligence, risk tiering, contract security/privacy requirements, and ongoing monitoring of critical suppliers and partners.
- Support customer trust: Own security and privacy questionnaires, RFP responses, and Trust Center content; engage with customers and sales teams to communicate our security posture.
- Advance governance & privacy: Maintain the policy lifecycle, role-based training, and privacy processes.
- Enhance resilience & reporting: Support incident response exercises, business continuity/disaster recovery testing, and deliver dashboards/metrics on risks, controls, access reviews, vendor posture, and audit readiness.
Minimum Requirements
- 5–7+ years in GRC, audit, or risk. At least 3+ years leading ISO 27001 certification/surveillance cycles and SOC 2 Type II audits; hands‑on experience with ISO 27701 and ISO 42001 or equivalent AI governance programs.
- Proven ownership of SOC 2 programs (scope, controls, evidence, auditor management) and continuous compliance in cloud‑first environments (AWS/Azure/GCP, SaaS).
- Strong command of management systems (ISMS/PIMS/AIMS), Trust Services Criteria, control testing, sampling, and evidence sufficiency.
- Practical experience running access certifications, vendor risk reviews, and customer security questionnaires/RFPs at scale.
- Familiarity with privacy and data governance (GDPR/CPRA), and secure SDLC/change management.
- Comfortable with GRC tooling and automation, ticketing and collaboration workflows, and basic scripting/queries to pull evidence when needed.
- Clear communicator who can instill a culture of accountability.
Join Doppel
Doppel is the first platform built to dismantle digital deception at scale. We scan over 150 million entities daily and deploy continuously adaptive AI SOC agents, paired with expert human analysts, to uncover and disrupt the infrastructure behind phishing, impersonation, and online fraud before attacks can spread. Our Threat Grid turns every customer signal into shared intelligence, making each disruption smarter, faster, and more effective.
We’re not just another cybersecurity company. We’re defining the future of social engineering defense, where trust is protected, and deception becomes unprofitable. Backed by top-tier investors and trusted by some of the world’s most recognized brands, Doppel is growing fast. If you’re driven to solve real-world problems with bold technology, we’d love to meet you.
Compensation Range: $120K - $140K
About Doppel Farmaceutici
Doppel Farmaceutici is an Italian Company operating in the pharmaceutical market with competence, seriousness and reliability, since 1994.
Since the beginning, Doppel chose to be a “Partner in Outsourcing” for its Customers, able to take care of the whole life of Customer’s products (from the formulation, to development, up to marketing and post-marketing controls and analysis). Doppel can also support its Customers offering services, products and advice complementary to pharmaceutical production.