Senior Governance Risk and Compliance (GRC) Analyst
HeadwaySalary not specified
- Full Time
- Senior (5 to 8 years)
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Information Security, Cybersecurity, Technology ServicesIndustries
Position Overview
- Location Type: [Not Specified]
- Job Type: Full-time
- Salary: [Not Specified]
Upwork is the world’s largest work marketplace, connecting businesses with highly skilled professionals worldwide. From entrepreneurs to Fortune 100 enterprises, companies trust Upwork’s platform to access expert talent, leverage AI-powered work solutions, and drive meaningful business outcomes. Upwork’s AI-powered platform has facilitated over $20 billion in economic opportunity for professionals worldwide. With professionals spanning 10,000+ skills, including AI and machine learning, software development, sales and marketing, customer support, finance and accounting, and more, Upwork empowers businesses of all sizes to scale, innovate, and build agile teams.
We are looking for a Sr. Lead, GRC (Governance, Risk, and Compliance) to strengthen Upwork’s Information Security program by leading audit readiness and compliance operations across global frameworks and vendor requirements. This is an exciting opportunity to influence security strategy and work cross-functionally to ensure that Upwork meets the highest standards in data security and privacy. Join us in safeguarding our platform and enabling trust at scale for millions of users around the world.
As part of the Information Security team, you'll guide audit processes for ISO 27001, SOC 2 Type 2, and Microsoft SSPA, ensure that our ISMS and internal controls are up to date, and provide strategic insights into risk and compliance operations. Your work will support core business functions and help advance our enterprise-grade security posture.
Responsibilities
- Lead and manage internal and external audits for ISO 27001 and SOC 2 Type 2, including evidence collection, readiness assessments, and remediation tracking
- Own Upwork’s compliance with Microsoft Supplier Security and Privacy Assurance (SSPA), including completing the annual DPR and attestation
- Maintain and evolve the Information Security Management System (ISMS) and associated documentation to reflect Upwork’s growing business and risk landscape
- Collaborate with Engineering, IT, Legal, and Privacy teams to implement controls and address identified gaps efficiently and effectively
- Monitor and report on the enterprise risk register, audit findings, and key compliance metrics to drive transparency and accountability
- Act as the primary point of contact for auditors, assessors, and external stakeholders during audits and customer due diligence activities
- Track and interpret changes in regulatory and compliance frameworks to guide proactive adaptation and policy updates
Requirements
- 5+ years of experience in GRC, Information Security, or Compliance, ideally in a technology or cloud-first environment
- Proven expertise with ISO 27001, SOC 2, and third-party compliance programs like Microsoft SSPA
- Demonstrated success managing end-to-end audit processes and cross-functional compliance initiatives
- Strong project management, communication, and analytical skills with a track record of influencing cross-functional stakeholders
- Relevant certifications such as CISA, CRISC, or ISO 27001 Lead Auditor/Implementer are a plus
Company Information
Upwork is the world’s largest work marketplace, connecting businesses with highly skilled professionals worldwide. From entrepreneurs to Fortune 100 enterprises, companies trust Upwork’s platform to access expert talent, leverage AI-powered work solutions, and drive meaningful business outcomes.
Work Environment: Upwork is a global, remote-first workforce. While there is a physical office in Palo Alto, employees are hired in 21 U.S. states.
Culture: Our culture is built on trust, risk-taking, customer focus, and excellence, all in service of our core mission: to create economic opportunities so people have better lives. We embrace authenticity and inclusion, encouraging everyone to bring their whole selves to work. Personal and professional growth is a priority here, supported through development programs, mentorship, and our Upwork Belonging Communities.
Benefits: We’re proud to offer benefits that go beyond the basics.
Skills
Governance
Risk Management
Compliance
ISO 27001
SOC 2
Security Audits
ISMS
Vendor Management
Data Security
Privacy
Security Frameworks
Upwork
Online platform connecting freelancers and clients
About Upwork
Upwork connects freelancers with clients looking for various services in the gig economy, which focuses on short-term contracts instead of permanent jobs. The platform allows freelancers to create profiles that showcase their skills, while clients can post job listings for specific projects. Freelancers bid on these projects, and clients choose the best candidates based on proposals and reviews. Upwork earns revenue through service fees charged to freelancers based on their earnings, with a tiered structure that rewards long-term client relationships. The platform also offers premium memberships and additional services for enhanced visibility and access to job listings. Upwork provides tools for time tracking, invoicing, and project management, making it easier for both freelancers and clients to manage their work and payments. The goal of Upwork is to facilitate successful project completion by bridging the gap between freelancers and clients.
San Francisco, CaliforniaHeadquarters
2015Year Founded
$143.8MTotal Funding
IPOCompany Stage
Consulting, Enterprise SoftwareIndustries
10,001+Employees