Governance, Risk & Compliance (GRC) Analyst

Our Team

At Peregrine, we build software to power critical decision-making for public safety and emergency response organizations. These organizations use our technology to protect lives, protect property, and deliver their best service to the public.

We are motivated to help institutions solve their hardest problems through better decision-making. We are passionate about creating cutting-edge, highly scalable data platforms that enable organizations to transform the way they interact with their data.

As a team of service-oriented entrepreneurs, we trust each other, help each other, and dive into challenges together. We each strive to be empathetic, curious, inclusive, brave, and exceptional in our execution. Our customers are our partners; we listen to their needs, learn from their experiences, and develop effective software solutions to help them achieve transformational outcomes for their communities. Further, our team is advised by leading experts and practitioners in emergency management, justice, and civil liberties. These experts ensure we develop technology that is both operationally effective and trust-enhancing.

The Role

As the first of its kind, the Governance, Risk, and Compliance Analyst role ensures that the company adheres to applicable laws, policies, governance, and contractual commitments pertaining to information, operations and personnel security. This is an essential position for implementing and maintaining compliance frameworks, supporting external audits, policy review and continuous compliance practices, among many other key compliance activities.

This role requires a deep passion for providing operational excellence in the security of our AWS gov cloud infrastructure and application while also creating and managing compliance with policies and SOPs. You will lead security assessments and audits and monitor and manage compliance of implemented enterprise information security controls. You’ll also serve as a company representative with prospects, customers, and partners by assisting with all security and compliance procedures and inquiries. We’re looking for a security and privacy professional to partner with our world-class product and engineering teams to solve some of our most ambiguous and sensitive problems for government agencies.

About you

• Demonstrated experience in the following areas:
  • AWS services, particularly with tools like AWS GuardDuty, AWS SecurityHub, Amazon Inspector, AWS Config, and IAM management.
  • Compliance management platforms such as Vanta, Drata, SecureFrame or HyperProof.
  • Federated Identity and Access Management solutions and technologies (ie. Microsoft Entra, AWS IAM, Okta, Duo).
  • Application and Device management best practices (Endpoint Protection, Mobile Device Management).
• Proven track record of creating the best compliance and cloud-focused procedures from 0-to-1 to protect our customers’ data privacy.
• Ability to manage multiple tasks, especially supporting documentation, audits, and compliance activities across multiple customers with differing requirements.
• Comfort and ability to thrive in a rapidly growing, fast-paced, and often ambiguous environment where you have multiple responsibilities across various domains and operate with a significant degree of autonomy.
• A service-oriented mindset where no task is too big or too small for the sake of delivering consistent excellence for our customers.

What we look for

• At least 7-10 years of comprehensive experience in information security, compliance, or risk management roles within industries with sensitive data, such as healthcare, banking, e-commerce, security assessment, or compliance auditing firms, or government contracting, where data governance and compliance are critical.
• Certifications relevant to the technologies and responsibilities outlined (e.g., CGRC, CRISC, CISA, CIPP, HCISPP, CISSP, AWS, CCSP, etc.) are highly desirable.
• Strong analytical and problem-solving skills, with hands-on experience implementing secure architectures, assessing risks, and managing vulnerabilities within cloud-native and hybrid environments.
• proficiency in applying access controls, encryption standards, and continuous monitoring tools to ensure compliance and protect sensitive data.
• Exposure to public safety, justice, or similar agencies, even indirectly, is advantageous.
  • Alternatively, a strong understanding of regulated data (CJI, ePHI) and compliance frameworks would be beneficial.
• Excellent communication and interpersonal skills, capable of working effectively with cross-functional teams, setting and achieving expectations on solution delivery.
• Located in the United States.

Salary Range: $140,000 - $170,000 Annually + Benefits + Equity (if applicable) + Bonus (if applicable)

Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific work location. Information on the benefits offered is here.