Senior Security GRC Analyst

About the team + role

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.

The Security GRC (Governance, Risk, and Compliance) team’s mission is to ensure Robinhood meets its “Safety Always” commitments through disciplined risk management, resilient control environments, and effective governance practices. We work closely with Information Security, Technology, Corporate Engineering, Enterprise Risk, and Compliance teams to maintain strong oversight of risk across the organization. Our team supports global regulatory alignment while enabling the business to build compliant, secure products efficiently.

As a Senior Security GRC Analyst, you will focus on risk management across Information Security, Technology, and Corporate Engineering. You will conduct risk assessments, evaluate control effectiveness, support regulatory exams and audits, and provide clear reporting on risk posture. You will help strengthen how Robinhood manages risk across multiple regulatory environments through a centralized enterprise approach. This role offers exposure to international expansion efforts and the opportunity to contribute to automation and AI initiatives that improve control testing, reporting, and governance processes. 

This role is based in our Menlo Park, CA office, with in-person attendance expected at least 3 days per week.

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.

What you’ll do

• Conduct risk assessments for security exceptions and issues across Information Security, Technology, and Corporate Engineering, and recommend appropriate risk treatment actions.
• Perform security and technology control testing, including evaluating control design and operating effectiveness, and track remediation through closure.
• Partner with engineering leaders and entity CISOs to provide clear reporting on risk posture and alignment with enterprise standards and regulatory requirements.
• Support regulatory exams, audits, and due diligence activities, including SOC and ISO engagements, and coordinate responses across internal contributors.
• Monitor and report on risk metrics and trends to identify gaps, improve processes, and strengthen governance and resilience practices.
• Contribute to automation and AI-enabled improvements within the GRC function to streamline control testing, reporting, and risk management workflows.

What you bring

• Bachelor’s degree in Computer Science, Engineering, Information Systems, Finance, or a related field, or equivalent practical experience.
• 5+ years of experience in security, technology risk, audit, or governance, risk, and compliance within a regulated industry (e.g., financial services, insurance, healthcare, legal).
• Experience conducting control testing, risk assessments, and supporting regulatory exams, including familiarity with SOC 2 and ISO frameworks.
• Understanding of how policies and standards support risk management and regulatory compliance, and experience managing exception governance processes.
• Ability to communicate effectively with senior leaders, including Directors and above, and guide discussions on risk posture and remediation plans.
• Experience working with GRC platforms and standard productivity tools 
• Strong organizational skills and the ability to work independently while managing multiple priorities.

Bonus points:

• Experience working in a technology-focused company operating under regulatory oversight.
• Experience in a publicly traded company or other regulated financial services environment.
• Relevant certifications such as CISSP, CRISC, CGRC, or similar credentials.
• Experience contributing to automation or AI initiatives within risk, audit, or compliance programs.
• Experience guiding or mentoring team members and interest in building a small team as program needs grow.

What we offer

• Challenging, high-impact work to grow your career.
• Performance-driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching.
• Best-in-class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents.
• Lifestyle wallet — a highly flexible benefits spending account for wellness, learning, and more.
• Employer-paid life & disability insurance, fertility benefits, and mental health benefits.
• Time off to recharge including company holidays, paid time off, sick time, parental leave, and more!
• Exceptional office experience with catered meals, events, and comfortable workspaces.