Senior GRC Analyst

Black Kite
Boston, MA Full Time
POSTED ON 5/16/2026
AVAILABLE BEFORE 6/14/2026

ABOUT BLACK KITE

Black Kite is the global leader in third-party cyber risk intelligence, trusted by more than 3,000 organizations worldwide. We give security and business leaders a continuous, outside-in view of their entire vendor ecosystem — translating complex cyber, financial, and compliance signals into clear, actionable risk intelligence.


We go beyond open standards-based cyber ratings. Black Kite helps organizations make smarter risk decisions, strengthen business resilience, and scale their third-party cyber risk management programs in an increasingly complex digital environment. Our work has earned consistent recognition from customers and industry analysts alike.


WHY BLACK KITE

We’re a fast-moving, high-impact team solving one of the most critical challenges in cybersecurity today. If you’re looking to do meaningful work alongside sharp, collaborative people — and grow your career in a space that matters — you’re in the right place.


THE OPPORTUNITY

The Senior GRC Analyst reports to the Director of Information Security and owns three primary functions: the compliance platform (Vanta), inbound customer security assessments, and FedRAMP ConMon execution support. This is an independent practitioner role — direction comes from the Director, but you own your work without step-by-step guidance.

The "Senior" in this title is earned by the scope, not just the experience level. Owning the compliance platform means auditors see your work directly. Owning customer assessments means your responses are read by enterprise security teams before they sign. Supporting FedRAMP ConMon means authorization status depends in part on what you produce monthly. The stakes are real.


WHAT YOU’LL OWN

Compliance platform (Vanta) — primary owner

  • Own the compliance platform end-to-end: evidence library currency, control mapping accuracy, framework completeness across SOC 2, ISO 27001, FedRAMP, and GDPR
  • Evidence is current year-round — not assembled at audit time; no stale or missing evidence in any active certification domain

Customer security assessments — primary owner

  • Own the inbound customer assessment intake and response process — all RFPs and security questionnaires are assigned, tracked, and responded to within defined SLA
  • Collaborate with sales, legal, and technical teams on complex questionnaire responses; escalate novel or sensitive items to the Director
  • Maintain and improve the questionnaire response library across all active frameworks

FedRAMP ConMon — execution support

  • Support monthly ConMon reporting — vulnerability scan results, POA&M updates, and evidence — as primary executor
  • Maintain POA&M tracking accuracy; flag aging items to the Director before they breach defined thresholds

TPCRM and compliance support

  • Support third-party risk identification, assessment, and monitoring activities as directed
  • Monitor compliance framework and regulatory changes; assess impact and surface findings to the Director with a recommended response
  • Support internal audit processes — evidence coordination, control testing documentation, and auditor request responses


WHAT YOU BRING

  • 2–4 years of hands-on experience in GRC, compliance, or information security
  • Practical working knowledge of SOC 2, NIST, or ISO 27001 applied in a real compliance environment
  • Experience producing compliance evidence, contributing to audit cycles, or managing specific framework control domains independently
  • Familiarity with cloud services principles and their security and compliance implications
  • General knowledge of core security domains: network security, email security, endpoint protection, vulnerability scanning, access controls, log management
  • Strong written communication — audit-ready documentation produced independently


PREFERRED

  • Hands-on experience administering Vanta or an equivalent compliance platform as a primary owner — not just a user
  • Direct experience with FedRAMP ConMon — monthly reporting, POA&M tracking, evidence production
  • Experience owning or significantly contributing to a customer security questionnaire response program
  • Familiarity with TPCRM programs and vendor questionnaire workflows
  • Active or in-progress certification: CompTIA Security+, CISA, CRISC, ISO 27001 Lead Auditor/Implementer, or equivalent


The expected base salary range for this role is $95,000-$110,000 per year. Compensation at Black Kite is more than just base pay — we offer a total rewards program that includes performance-based bonuses, equity, flexible healthcare options, paid time off, and retirement savings programs. The annual base salary range for this position represents a nationwide market range and reflects a broad spectrum of salaries for this role across the United States. Actual compensation will depend on factors such as qualifications, skills, experience, and the scope, complexity, and location of the role.

