onerail

GRC Analyst (Governance, Risk & Compliance)

At a Glance

Location: Orlando, Florida, United States
Employment: internship
Experience: 3+ years

Key Requirements

Required Skills

Confluence

Certifications

  • CISA
  • ISO

Domain Knowledge

  • Engineering
  • Finance
  • Legal
  • Logistics
  • Regulatory
  • SaaS
  • Supply Chain

Requirements

3+ years of experience in GRC, information security compliance, or audit roles.

Working knowledge of ISO 27001, SOC 2 Trust Service Criteria, GDPR, HIPAA, and CCPA.

Experience collecting and managing compliance evidence and coordinating with external auditors.

Strong organizational skills — ability to manage multiple concurrent workstreams with defined deadlines.

Excellent written communication — able to draft clear policies, risk memos, and compliance reports.

Comfortable working cross-functionally with Engineering, HR, Legal, and Finance stakeholders.

Responsibilities

Maintain the enterprise security risk register — score risks using NIST likelihood/impact methodology, assign owners, track mitigation status, and report monthly to the CISO.

Maintain dedicated AI Risk Log and Shadow IT Risk Log — identify, score, and document risks from unsanctioned AI tools and unapproved SaaS applications.

Support the CISO in drafting risk acceptance memos for policy exceptions or residual risks above threshold.

Assist in preparing the monthly SRC (Security & Risk Committee) security dashboard.

COMPLIANCE & AUDIT

Coordinate ISO 27001:2022 internal audit evidence collection across all Annex A control domains. Prepare documentation packages for CISO review and external auditor submission.

About the Company

OneRail is a leading omnichannel fulfillment solution pairing best-in-class software with logistics as a service to provide dependability and speed to help businesses meet their delivery promise. With a real-time connected network of 12 million drivers, OneRail matches the right vehicle for the right delivery so brands lower expenses and increase capacity to rapidly scale their businesses. This people-plus-platform approach features a 24/7 USA-based exceptions team who maintain a 98% on-time delivery rate. By optimizing fulfillment processes, reducing costs and improving order accuracy with store-shelf-to-doorstep visibility, OneRail is committed to empowering clients and improving the customer experience.

OneRail was named to the Deloitte Technology Fast 500™ two years in a row, was ranked 19th in the 2025 FreightTech 25, named for the fifth year in a row to the FreightTech 100, was honored as one of Inc. magazine’s Best Workplaces 2023, was listed on Forbes’ lists of America’s Best Startup Employers for the last three years, was named to the Inc. 5000 two years in a row and was selected as the Last Mile Company of the Year for the 2024 SupplyTech Breakthrough Awards. To learn more about OneRail, visit OneRail.com.