GRC Analyst, Security

About Ethos

Ethos was built to make it faster and easier to get life insurance for the next million families. Our approach blends industry expertise, technology, and the human touch to find you the right policy to protect your loved ones.

We leverage deep technology and data science to streamline the life insurance process, making it more accessible and convenient. Using predictive analytics, we are able to transform a traditionally multi-week process into a modern digital experience for our users that can take just minutes! We’ve issued billions in coverage each month and eliminated the traditional barriers, ushering the industry into the modern age. Our full-stack technology platform is the backbone of family financial health.

We make getting life insurance easier, faster and better for everyone.

Our investors include General Catalyst, Sequoia Capital, Accel Partners, Google Ventures, SoftBank, and the investment vehicles of Jay-Z, Kevin Durant, Robert Downey Jr and others. This year, we were named on CB Insights' Global Insurtech 50 list and BuiltIn's Top 100 Midsize Companies in San Francisco. We are scaling quickly and looking for passionate people to protect the next million families!

About the role

The trust and safety team is responsible for safeguarding Ethos information assets, managing technology compliance, and ensuring the trust, privacy, and safety of Ethos customers and employees. As a key member of the GRC team, within the overall trust and safety team, this is a great opportunity to shape the compliance, governance, and privacy vision for the organization and drive innovation throughout relevant processes, technology solutions, and people. You will work with interesting and challenging use cases, technologies, and processes, define and implement predictive compliance controls, drive automation/efficiencies in privacy processes, 3rd party risk management, and regulatory, industry, and partner compliance activities. You will wear many hats, from advisor to doer, and everything in-between.

Roles and responsibilities_:

##### Audit Facilitation

• Coordinate and support internal and external compliance audits/control testing
• Serve as a liaison between auditors/control testers and internal stakeholders
• Collect, organize, and provide requested evidence/artifacts to auditors/control testers in a timely manner

##### Stakeholder Coordination

• Work closely with internal teams (IT, Security, HR, Legal, Engineering, Operations..) to gather compliance-related documentation
• Follow up with stakeholders on pending audit requests and ensure timely submission of evidence
• Track and monitor progress on audit findings and corrective actions

##### Compliance Monitoring & Reporting

• Maintain accurate records of audit activities, evidence logs, and remediation actions
• Provide regular updates on the status of audit findings, remediation efforts, and compliance gaps
• Support in drafting compliance reports, dashboards, and management summaries

##### Policy & Awareness Support

• Assist in ensuring company policies, processes, and procedures are aligned with security and compliance requirements
• Support security awareness initiatives and compliance training for employees

Qualifications & Skills:

• 2+ years of experience in compliance, risk management, or IT/security audit support
• Knowledge of information security principles, data privacy concepts, and compliance frameworks (ISO 27001, SOC 2, CCPA, HIPAA, AML etc.)
• Strong organizational skills with the ability to manage multiple audit requests simultaneously
• Excellent communication and stakeholder management skills
• Proficiency in documentation, record-keeping, and reporting tools (e.g., Excel, Jira, GRC platforms such as OneTrust)

#LI-Hybrid

#LI-SP1

Don’t meet every single requirement? If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. At Ethos we are dedicated to building a diverse, inclusive and authentic workplace.

We are an equal opportunity employer who values diversity and inclusion and look for applicants who understand, embrace and thrive in a multicultural world. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Pursuant to the SF Fair Chance Ordinance, we will consider employment for qualified applicants with arrests and conviction records.

To learn more about what information we collect and how it may be used, please refer to our California Candidate Privacy Notice.