About the Role
he GRC Analyst is a key contributor to Tango’s security, compliance, and privacy programs. This role owns day-to-day execution of vendor risk management and customer security assurance activities, and plays a central role in supporting audits, maintaining security documentation, and gathering evidence across the organization.
The GRC Analyst will partner closely with Security, Engineering, IT, Legal, and Product teams to ensure compliance activities meaningfully reduce risk and scale with the business.
Key Responsibilities:
Audit & Compliance Support
Support internal and external audits (e.g., SOC 2, ISO 27001, FedRAMP-related activities, privacy assessments)
Coordinate evidence collection across teams and systems
Track audit findings, corrective actions, and remediation status
Help improve audit readiness by identifying gaps, stale controls, or weak evidence early
Risk, Privacy & Program Maturity
Assist in identifying, documenting, and tracking security and compliance risks
Support privacy program activities, including data mapping, DPIAs, and regulatory alignment (as applicable)
Help evolve Tango’s GRC processes, leveraging automation and AI tools
Third-Party Risk Management
Perform and document third-party risk assessments
Partner with internal teams to ensure vendor risks are identified, documented, and addressed appropriately
Maintain vendor risk records, evidence, and reporting to support audits and leadership visibility
Continuously improve the vendor risk process to reduce friction while maintaining appropriate risk coverage
Customer Security Assurance
Work with internal teams to respond to customer security questionnaires, assessments, and support RFPs
Create, maintain, and improve customer-facing security documentation
Requirements
Requirements:
- 2–4+ years of experience in GRC, security compliance, risk management, or audit support roles
- Hands-on experience with vendor risk management and/or customer security questionnaires
- Familiarity with common security frameworks and reports (SOC 2, ISO 27001, NIST, SIG, CAIQ, etc.)
- Strong written communication skills with the ability to produce clear, defensible documentation
- Highly organized, detail-oriented, and able to manage multiple concurrent workstreams
Nice to Have:
- Experience supporting SaaS environments and cloud-based architectures
- Exposure to privacy regulations (GDPR, CCPA/CPRA) and privacy program operations
- Experience with GRC tooling (e.g., Drata, Vanta, or others)
- Prior experience supporting regulated environments or customer-driven assurance programs
About the Company
At Tango Analytics, we’re all about helping businesses make smarter decisions through powerful technology, insightful data, and a whole lot of collaboration. Whether you're a creative thinker, a strategic planner, a tech wizard, or a customer champion, there's a place for you on our team. We believe work should be meaningful and fun — so if you're ready to make a difference while enjoying the journey, come join us and let's Tango!