Senior GRC Analyst
Cambridge, MA - USA
Job Summary
Who We Are
Flagship Pioneering is a scientific innovation engine that invents and builds companies that change the world. We bring together the greatest scientific minds with entrepreneurial company builders and assemble the capital to allow them to take courageous leaps in human health, sustainability, and beyond.
What sets Flagship apart is our ability to advance biotechnology by uniting life science innovation, company creation, and capital investment under one roof in a way that is largely without precedent. Our team of scientists, entrepreneurial leaders, and professional capital managers are each aligned around an institutionalized process that enables us to innovate and create breakthroughs for the benefit of people and planet.
Many of the companies Flagship has founded have addressed humanity's most urgent challenges: vaccinating billions of people against COVID-19, curing intractable diseases, improving human health, preempting illness, and feeding the world by improving the resiliency and sustainability of agriculture.
Flagship has been recognized twice on FORTUNE's Change the World list, an annual ranking of companies that have made a positive social and environmental impact through activities that are part of their core business strategies, and has been named four times to Fast Company's annual list of the World's Most Innovative Companies.
About the Role
Flagship's GRC program has matured from build to operate. We have a functioning GRC system of record in Jira, active compliance tracks across HITRUST, NIST 800-171, ISO 27001, and SOC 2, and a TPRM workflow in production. What we need now is a hands-on practitioner who can execute against that infrastructure: someone who is as comfortable running a vendor risk assessment in Jira as they are prepping evidence packages for an audit. This is not a policy-writing or director-level role. It is a technical execution role for someone who gets things done.
What You'll Do
- Own day-to-day execution of the GRC system of record in Jira: maintaining control records, updating compliance status, logging implementation and auditor notes, and keeping the SOR current across all active frameworks
- Run TPRM assessments end-to-end: intake, questionnaire review, risk scoring, CISO decision documentation, and post-approval tracking
- Coordinate audit evidence collection and control testing activities across HITRUST, ISO 27001, SOC 2, and NIST 800-171 frameworks, working directly with the external audit firm
- Maintain the compliance calendar and drive sprint-by-sprint execution against framework deadlines
- Manage sub-processor and DPA tracking for portfolio company privacy programs, including gap identification and remediation follow-up
- Support DSR and privacy program operations, including data inventory maintenance and deletion workflow tracking
- Build and maintain GRC automation using AI tools (Claude, Jira automation, Zapier) to reduce manual burden on recurring compliance tasks
- Produce clear, accurate reporting on compliance posture for the CISO and cross-functional stakeholders
What We're Looking For
- 3-6 years of hands-on GRC experience, ideally in a fast-moving tech or life sciences environment
- Direct experience working in Jira as a compliance or GRC tool, not just a project management tool; you should understand issue types, custom fields, bulk operations, and reporting
- Working knowledge of at least two of: HITRUST CSF, ISO 27001, NIST 800-171/CMMC, SOC 2, HIPAA
- Experience running vendor risk assessments, intake to decision, not just filling out questionnaires
- Comfort with AI-assisted work: you should already be using tools like Claude or ChatGPT to accelerate your GRC work, not learning to do so for the first time
- Strong written communication: you'll be producing evidence narratives, audit responses, and control documentation that external auditors and regulators will read
- Ability to operate with high autonomy; the CISO will provide direction but not day-to-day supervision
Nice to Have
- CISA, CRISC, CISM, or equivalent certification
- Experience with privacy program operations (CCPA, GDPR, DSR workflows)
- Familiarity with Drata, Vanta, or similar compliance automation platforms
- Experience supporting a portfolio company or multi-entity compliance program
Why This Role
You'll own a real compliance program, not support someone else's. The CISO is your direct partner, not a distant approver. You'll use modern tools (Jira, Claude, Zapier) to do GRC work that most teams still do in spreadsheets. And you'll have visibility into a genuinely diverse security environment spanning drug discovery, AI, clinical platforms, and life sciences infrastructure.
We are an equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law.
We recognize that great candidates often bring unique strengths without fulfilling every qualification. If you have some of the experience listed above, but not all, please apply anyway. We are dedicated to building diverse and inclusive teams and look forward to learning more about your background and interest in Flagship.
Recruitment & Staffing Agencies: Flagship Pioneering and its affiliated Flagship Lab companies (collectively, "FSP") do not accept unsolicited resumes from any source other than candidates. The submission of unsolicited resumes by recruitment or staffing agencies to FSP or its employees is strictly prohibited unless contacted directly by Flagship Pioneering's internal Talent Acquisition team. Any resume submitted by an agency in the absence of a signed agreement will automatically become the property of FSP, and FSP will not owe any referral or other fees with respect thereto.
The salary range for this role is $88,000 - $121,000. Compensation for the role will depend on a number of factors, including a candidate's qualifications, skills, competencies, and experience. Flagship Pioneering currently offers healthcare coverage, annual incentive program, retirement benefits, and a broad range of other benefits. Compensation and benefits information is based on Flagship Pioneering's good faith estimate as of the date of publication and may be modified in the future.
Privacy Notice for Applicants: When you apply for a role at Flagship Pioneering or one of its portfolio companies, we collect and use personal information you provide (such as your name, contact details, work history, and application materials) to evaluate your application, communicate with you, and comply with legal obligations. Your application data is processed through Greenhouse, our applicant tracking system, and may also be reviewed using AI-assisted screening tools. We do not sell your personal information. California residents have rights under the CCPA/CPRA, including to know, delete, and opt out of the sharing of their personal information. If you are located in the EU or UK, we process your data under GDPR, and you have rights to access, rectify, and erase your data. To exercise your rights or for questions contact
Required Experience:
Senior IC
About Company
We are Flagship Pioneering. We are a biotechnology company that invents platforms and builds companies that change the world. Pioneering Partnerships…