Governance, Risk and Compliance Analyst
LeafLink is the largest unified B2B cannabis platform, providing licensed cannabis businesses a suite of tools to manage their business more effectively, sell or order from their favorite brands and accelerate growth. We are one platform, one solution and we’re defining the way thousands of cannabis brands, distributors and retailers streamline their operations. With thousands of brands and retailers across 30+ markets in North America, we are setting the industry standard for how cannabis businesses grow together. LeafLink processes more than $4.4 billion in wholesale cannabis orders annually.
Our team, backed by funding from leading VCs, including Founders Fund, Thrive Capital, Nosara Capital, and Lerer Hippeau, is poised to define the cannabis supply chain through technology. LeafLink was named one of Inc. 5000’s ‘Top 5000 Fastest-Growing Private Companies’, one of Built In NYC's 'Best Places to Work in 2021', as well as one of Fast Company's 'Top 10 Most Innovative Companies in Enterprise for 2020', joining the ranks of Amazon, Slack, and VMware - and we're just getting started!
The Role
LeafLink is seeking an experienced Governance, Risk and Compliance (GRC) Analyst Contractor to join our fast-growing team, reporting directly to the Sr GRC Program Manager. In this role, you will be involved in the operational execution of LeafLink Inc.’s GRC Program areas and in providing assessment & audit support.
The Enterprise Risk and Compliance (ERC) team is responsible for maintaining a strong culture of compliance throughout the LeafLink organization. The ERC team is responsible for a variety of Risk and Compliance Programs, including but not limited to: Policy Management, Compliance Training, Risk Assessment, Business Continuity/Disaster Recovery, Third Party Vendor Risk, Controls Management, Audit Management, etc.
The GRC Analyst will help operationalize and support the ongoing execution of LeafLink’s third party risk management program, the management of internal compliance training, and our SOC 2 assessment and audit. This role aligns the standard practices of program management while also requiring the ability to partner cross-functionally across the organization. The individual for this role should have a focus on executing Risk & Compliance programs and working cross-functionally to deliver commitments to ensure success in the ongoing efforts of the Risk & Compliance Programs.
Responsibilities
- Contribute to the Governance, Risk, & Compliance (GRC) function within the Enterprise Risk and Compliance group and help to execute and continuously manage key program areas for third party risk, compliance training or internal and external audits/assessments
- Support the GRC Program Manager by managing the ongoing risk and compliance initiatives as well as testing and monitoring control effectiveness
- Responsible for maintaining the third party risk processes such as monitoring new 3rd party review requests, maintaining document repositories, kicking off necessary 3rd party diligence requests and ensuring active stakeholder engagement throughout the process
- Execute on the compliance training program by handling access and assignment of training for all new hires at LeafLink, monitoring training completion status, following up with necessary stakeholders, and ensuring terminated employees are removed from the system in a timely manner
- Handle program workflows for audits/assessments within LeafLink’s GRC tool (ZenGRC) to ensure our records are preserved in-house
Qualifications
- 2-5 years of experience supporting and/or managing risk and/or compliance programs for a SaaS, Marketplace or Fintech company
- Ability to handle and cultivate cross-functional relationships and be seen as a valued business partner
- Capable of working with teams and committing to deadlines, fostering a positive work environment
- Exhibits proven ability to communicate effectively, collaborate and present on Risk & Compliance topics/frameworks
- Experience creating and maintaining risk and compliance programs through GRC solutions
- Ability to manage and plan ahead for upcoming audit tasks and work internally to ensure key tasks are scheduled in a timely manner
- Demonstrates detailed knowledge in specific areas of cybersecurity, information security, risk assessments, IT general controls, cloud controls and technical operations processes such as SOX IT, PCI, FFIEC, SOC 2, CIS CSC, NIST, and ISO principles