[Hiring] GRC Analyst @Synthesia

Role Description

We are looking for a GRC Analyst to help us run and evolve our governance, risk, and compliance program in a way that is credible with technical teams and useful for the business. We are not looking for a traditional “paper compliance” role. The ideal candidate has a strong technical foundation - whether from engineering, IT management, DevOps, SRE, or a similar hands-on background - and can bridge the gap between how systems are actually built and operated (GitHub, CI/CD, Kubernetes, cloud, observability) and what we need to demonstrate for audits, customers, and leadership.

You will work closely with Engineering, DevOps/Platform, Security, Legal, and customer-facing teams to keep us audit-ready, reduce risk in practical ways, and support the next wave of compliance efforts (for example ISO 22301, and longer-term options like HITRUST and FedRAMP).

You don’t need to be a compliance expert, but if you have a solid background in security, are eager to learn, and are ready to be bold and take ownership, this role offers a great opportunity to grow quickly and actually have a real impact in a hypergrowth AI unicorn.

Qualifications

• Hands-on technical background (engineering, DevOps/SRE, IT management, or similar)
• Understanding of how cloud environments work, especially AWS
• Experience supporting audit cycles and knowledge of good evidence
• Organised, proactive, and able to drive multiple workstreams independently
• Clear, thoughtful communication across both technical and business audiences
• Technical aptitude: comfortable writing a simple script when needed, and experienced using AI and LLM tools in your work

Requirements

• Own and continuously improve our GRC program across ISO 27001, SOC 2, ISO 27701, and ISO 42001
• Partner with control owners to make compliance repeatable and low-friction
• Drive audit readiness: artifacts, timelines, action tracking, and clear control demonstration
• Improve policies, standards, and procedures to reflect actual operations
• Build strong working relationships with DevOps/Platform and engineering teams
• Evaluate technical implementations and validate evidence
• Translate technical reality into clear audit narratives without losing accuracy
• Contribute to risk identification and assessment across technical, operational, and vendor domains
• Maintain risk registers and track mitigations to closure
• Support leadership reporting by surfacing themes and trends
• Evaluate and prepare for ISO 22301, and potentially HITRUST and FedRAMP
• Identify gaps early and propose pragmatic roadmaps for engineering teams

Benefits

• Full-time employment only - no contractors possible
• Remote role from the UK OR an EU country

Company Description

Synthesia is the world’s leading AI video platform for business, used by over 90% of the Fortune 100. Founded in 2017, the company is headquartered in London, with offices and teams across Europe and the US. Following our recent Series E funding round, where we raised $200 million, our valuation stands at $4 billion. Our total funding exceeds $530 million from premier investors including Accel, NVentures (Nvidia's VC arm), Kleiner Perkins, GV, and Evantic Capital, alongside the founders and operators of Stripe, Datadog, Miro, and Webflow.