About Rocket Lawyer

We believe everyone deserves access to affordable and simple legal services. Founded in 2008, Rocket Lawyer is the largest and most widely used online legal service platform in the world. With offices in North America, South America, and Europe, Rocket Lawyer has helped over 30 million people create over 50 million legal documents, and get their legal questions answered.

We are in a unique position to enhance and expand the Rocket Lawyer platform to a scale never seen before in the company’s history, to capture audiences worldwide. We are expanding our team to take on this challenge!

About your role

Rocket Lawyer continues to rapidly grow its business into the legal tech world, leveraging our quickly developing AI technology. As part of this continued growth, more analysis is made by each of our customers on Rocket Lawyer’s security practice from a GRC standpoint. Additionally, as we continue to grow, our risk profile grows and must be managed appropriately.

Rocket Lawyer is looking for a motivated individual with a strong fundamental understanding of GRC to mature our program, along with the continued company growth. In 2025, we established our first proper GRC function on our journey to obtaining our first SOC2 Type II certification as a business. In 2026, we plan to obtain an ISO 27001 certification in addition to streamlining and building out all of our controls, as well as more closely staying on top of company risks.

How you will make a difference day to day

Risk Identification and Monitoring

Assist in identifying, assessing, and tracking risks across IT and enterprise functions.
Maintain risk register in GRC and CRQ tools, ensuring business understanding of all existing risks.
Perform threat modeling across different business applications.
Support maintenance of the enterprise risk register and dashboards used by leadership.

Governance and Compliance Support

Help draft, organize, and maintain policies, standards, and procedures.
Analyze, recommend, and implement security best practices.
Support compliance awareness campaigns and training that promote a culture of risk accountability.

Framework Alignment

Learn and assist in mapping controls to frameworks such as SOC2, NIST CSF, COBIT, ISO 27001, GDPR, CCPA, and ISO 42001.
Crosswalk and harmonize controls across multiple compliance frameworks.
Support tracking and validation of control effectiveness through GRC tools or reports.

Collaboration and Reporting

Partner with security leadership to prepare reports, metrics, and presentations for management.
Contribute to meetings with stakeholders across Legal, Finance, IT, and Operations.
Work with sales teams to respond to customer questionnaires for RL Security.
Responsible for reviewing vendor risk profiles and approving vendors for use at RocketLawyer.

Operational Support and Learning

Provide day-to-day administrative and research assistance to the security team.
Demonstrate initiative, curiosity, and a commitment to learning risk and compliance fundamentals.

Cross-Functional Security Responsibilities

While GRC is the primary focus of this role, Rocket Lawyer’s security team must be nimble and cross-trained across multiple disciplines.
You will likely be asked to learn tools that are not focused on GRC to provide backup if other team members are not around, or to just expand your knowledge and provide additional coverage.
All team members are expected to join team calls and contribute to the team’s overall success, regardless of whether a given topic is specific to their titled role.

What you’ll need

Bachelor’s or Graduate degree in Cybersecurity, Information Systems, or a related field, or relevant job experience.
1-2 years of relevant experience (cybersecurity, audit, risk, compliance, GRC).
Solid understanding of fundamental security and IT concepts (access controls, data retention, change management, etc.).
Familiarity with major security and privacy frameworks (ISO, NIST, SOC 2, HIPAA, etc.).
Strong critical thinking, organization, and communication skills.
Ability to balance multiple projects and deadlines with exceptional follow-through.
Technical aptitude — you’re curious, you learn fast, and you don't shy away from new tools.
A passion for cybersecurity and a commitment to helping companies build safer, stronger environments.
Strong understanding of global data protection laws and regulations (e.g., GDPR, CCPA) and their technical implications.
Strong analytical, problem-solving, and communication skills, with the ability to work effectively across cross-functional teams.
Industry certifications (e.g., CISSP, CISA, CISM) are a plus.

Benefits & Perks

Private health insurance, including family dependents
Dental plan (optional, at the employee’s expense)
Life insurance
Meal/Food voucher (Flexible Benefits category)
Wellhub (former Gympass) partnership
Total Pass partnership
EAP (Employee Assistance Program)
Mental health assistance
Birthday off
Daycare assistance
Financial support for those who have children with special needs and disabilities
Employee referral program
Free Rocket Lawyer account with online access to an extensive legal documents library and brilliant licensed attorneys at discounted rates

Interview Process

Recruiter Phone Screen
Role Assessment (s)
Hiring Manager Interview
Panel Interviews
Final Interview

Actual compensation packages are determined by various factors unique to each candidate, including but not limited to skill set, depth of experience, certifications, specific work location, and performance during the interview process.

Regime de contratação: CLT

Brazil Monthly Compensation

R$6.873—R$8.086 BRL

By applying for this position, your data will be processed as per Rocket Lawyer Privacy Policy.

Governance, Risk & Compliance Analyst

AI overview

Perks & Benefits Extracted with AI