Governance, Risk and Compliance Analyst
LeafLink is the largest unified B2B cannabis platform, providing licensed cannabis businesses a suite of tools to manage their business more effectively, sell or order from their favorite brands and accelerate growth. We are one platform, one solution and we’re defining the way thousands of cannabis brands, distributors and retailers streamline their operations. With thousands of brands and retailers across 30+ markets in North America, we are setting the industry standard for how cannabis businesses grow together. LeafLink processes more than $4.4 billion in wholesale cannabis orders annually.
Our team, backed by funding from leading VC's, including Founders Fund, Thrive Capital, Nosara Capital, and Lerer Hippeau is poised to define the cannabis supply chain through technology. LeafLink was named one of Inc. 5000’s ‘Top 5000 Fastest-Growing Private Companies’, one of Built In NYC's 'Best Places to Work in 2021', as well as one of Fast Company's 'Top 10 Most Innovative Companies in Enterprise for 2020', joining the ranks of Amazon, Slack, and VMWare - and we're just getting started!
The Role
At LeafLink, we work hard to earn our users’ trust every day, and gaining & retaining this trust is critically important to LeafLink’s success. LeafLink is seeking an experienced Governance, Risk and Compliance (GRC) Analyst to join our fast-growing team, reporting directly to the GRC Program Manager. In this role, you will be involved in the operational execution, supporting and scaling LeafLink Inc.’s GRC Program areas.
The Enterprise Risk and Compliance (ERC) team is responsible for maintaining a strong culture of compliance throughout the LeafLink organization. The ERC team is responsible for a variety of Risk and Compliance Programs, including but not limited to: Policy Management, Risk Assessment, Business Continuity/Disaster Recovery, Third Party Vendor Risk, Controls Management, Audit Management, etc.
The GRC Analyst will help operationalize and support the ongoing implementation of LeafLink’s third party risk, BC/DR, and controls management programs to ensure we are following the policies, regulations and requirements that impact our innovative projects. This role aligns the best practices of program management with risk/security frameworks and GRC subject matter expertise, while also requiring the ability to partner and strategically think to scale the organization. The individual for this role should have a focus on scalable operations and innovation to challenge the status quo. The individual should be a force multiplier for the team working cross-functionally to deliver commitments and taking the GRC programs to the next level.
Responsibilities
- Contribute to the Governance, Risk, & Compliance (GRC) function within the Enterprise Risk and Compliance group and help to implement and continuously improve programs to address key company risks and work with internal teams on assessments related to program areas of third party risk, BC/DR or controls management
- Support the GRC Program Manager in leading ongoing risk and compliance initiatives as well as testing and monitoring control effectiveness
- Responsible for maintaining the third party risk and business continuity/disaster recovery programs
- Develop a third party monitoring program to perform ongoing assessment of third party risks and ensure issues and remediations are identified and addressed in accordance with program requirements
- Champion compliance initiatives by building deep, collaborative relationships with cross-functional stakeholders throughout the organization and review new risks and controls requirements arising from new vendors or partners, or impact to BC/DR from changing or new business lines, technology implementations and transformation efforts
- Become an expert user of the comprehensive GRC tool (ZenGRC) to manage the GRC program areas and audits
Qualifications
- 3-7 years of experience implementing and managing risk and/or compliance programs for a SAAS, Marketplace or Fintech company
- Ability to build and cultivate strong relationships and be seen as a valued business partner
- Capable of working with teams and commit to deadlines, fostering a positive work environment; being a strong team player who can deal with and provide solutions to complex IT infrastructure and applications issues
- Exhibits proven ability to influence, communicate, collaborate and present
- Strong knowledge of security risk identification, analysis, assessment, and mitigation within ambiguous environments
- Experience creating and maintaining risk and compliance programs through GRC solutions
- Ability to actively manage competing deliverables to meet business commitments and partners' expectations
- Ability to manage and plan ahead for upcoming audit tasks and works internally to ensure key tasks are scheduled timely
- Demonstrates detailed knowledge in specific areas of cybersecurity, information security, risk assessments, IT general controls, cloud controls and technical operations processes such as SOX IT, PCI, FFIEC, SOC 2, CIS CSC, NIST, and ISO principles
Benefits
- Flexible PTO to give our employees a little extra R&R when they need it
- Competitive compensation and 401k
- Comprehensive health coverage (medical, dental, vision)
- Commuter Benefits through a Flexible Spending Account
- A robust stock option plan to give our employees a direct stake in LeafLink’s success
LeafLink’s employee-centric culture has earned us a coveted spot on BuiltInNYC’s Best Places to Work for in 2021 list. Learn more about LeafLink’s history and the path to our First Billion in Wholesale Cannabis Orders here.