GRC Analyst

  • Mattermost
  • Toronto, ON
  • 25 Jun, 2024
Full time

Job Description

Mattermost provides secure, workflow-centric collaboration for technical and operational teams that need to meet nation-state-level security and trust requirements. We serve technology, public sector, national defense, and financial services industries with customers ranging from tech giants to the world’s largest banks, to the U.S. Department of Defense and governmental agencies around the world. 

Our self-hosted and cloud offerings provide integrated workflow automation, AI-acceleration, ChatOps with team messaging, audio calling and screen share on an open core platform vetted and deployed by the world’s most secure and mission critical organizations. 

We co-build the future of collaboration with over 4,000 open source project contributors who’ve provided over 30,000 code improvements towards our shared product vision, which is translated into 20 languages.
To learn more, visit

Mattermost is seeking a results-driven and analytical Governance, Risk & Compliance (“GRC”) Analyst to help ensure the security and compliance of the company. As the first member of our compliance team you will work closely with a globally distributed team to support compliance and risk management initiatives throughout the company, support and monitor established processes and policies, and help to further grow the GRC function at Mattermost.

Responsibilities

  • Support and grow the Governance, Risk, and Compliance function at Mattermost.
  • Maintain and monitor security and privacy policies and training programs in partnership with other stakeholders.
  • Support and strengthen privacy and security risk management programs within the organization.
  • Collaborate with internal and external resources in conducting compliance audits.
  • Provide reporting on key performance indicators (KPIs) for compliance programs and security risks.
  • Manage the third-party risk management process for external vendors.
  • Manage and respond to customer and prospect security questionnaires and requests.
  • Manage and respond to data subject requests under GDPR, CCPA, and other applicable privacy laws.

Required Background/Skill

  • 2 or more years of experience in security risk management, information security, or other GRC areas.
  • Practical experience with one or more security or risk management frameworks (e.g. SOC 2, ISO 27001, FedRAMP, CMMC, NIST CSF, NIST SP 800-53).
  • Excellent analytical skills, including the ability to analyze security requirements and map them to appropriate security controls.
  • Experience managing simultaneous projects across multiple teams.
  • Strong verbal and written communication skills, with the ability to tailor communication to the audience.


Preferred Background/Skill

  • Experience in supporting compliance with applicable privacy laws.
  • Experience in maintaining and implementing public sector compliance requirements.

Mattermost is an EEO Employer. We are a remote-first, open source company.

We are constantly working towards adding more countries/regions to this list, but first we need to make sure we are compliant with local laws and regulations, which takes time. 

Mattermost is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people from all walks of life. We don't discriminate against staff or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!