Governance, Risk, and Compliance Analyst

Job Title: GRC Analyst

Position Summary

As a GRC Analyst, you will play a pivotal role in supporting and enabling Governance, Risk, and Compliance (GRC) operations across our cybersecurity services. Your primary focus will be to enhance risk management processes, strengthen compliance frameworks, and support strategic initiatives that drive the organization’s security posture and business resilience. You will act as a key collaborator between technical teams, business units, and executive leadership, translating compliance requirements into actionable plans.

Key Responsibilities

Governance Enablement & Strategy • Support the design, implementation, and continuous improvement of the organization’s GRC enablement strategy, covering tooling, workflows, reporting, and process optimization. • Assist in developing frameworks and controls that align with industry standards (e.g., ISO 27001, NIST, GDPR, PCI-DSS). • Help manage the governance structure, including policy lifecycle management, compliance awareness programs, and control implementation. Risk Management & Compliance Operations • Conduct risk assessments, control effectiveness reviews, and gap analyses in coordination with technical and business stakeholders. • Assist in managing compliance assessment requests, ensuring effective intake, tracking, and prioritization of projects. • Provide hands-on support for coordinating internal and external audit activities and regulatory compliance reviews. • Maintain comprehensive compliance dashboards, reports, and metrics to track risk status, control effectiveness, and compliance posture. Tooling & Process Improvement • Assist in the selection, deployment, and management of GRC tools and technologies (e.g., Archer, ServiceNow GRC, MetricStream) to streamline risk and compliance operations. • Collaborate with IT and security teams to integrate automated controls and reporting into existing workflows and systems. • Identify opportunities for process automation, efficiency gains, and proactive risk identification. Collaboration & Communication • Partner with IT, Security, Legal, and Business Units to ensure compliance activities align with business objectives. • Translate complex compliance and risk findings into clear, actionable insights for technical and non technical stakeholders. • Assist in delivering training and awareness programs related to governance and compliance policies.

Required Qualifications

• 3+ years of experience in GRC, Information Security, IT Risk, or Compliance functions. • Strong understanding of industry-standard frameworks and regulations (NIST, ISO 27001, GDPR, PCI-DSS, SOC2). • Experience working with GRC platforms and tools such as RSA Archer, ServiceNow GRC, MetricStream, or similar. • Hands-on experience in risk assessments, compliance audits, and policy implementation. • Familiarity with cloud environments (AWS, Azure, GCP) and their associated compliance challenges. • Strong analytical skills and a data-driven mindset for decision making. • Excellent written and verbal communication skills, with the ability to articulate technical concepts to business audiences.

Preferred Qualifications

• Certifications such as CISA, CISM, CISSP, CRISC, or PMP. • Experience in automating compliance processes within DevSecOps pipelines. • Solid understanding of IT and security control frameworks (CIS Controls, MITRE ATT&CK). • Exposure to compliance monitoring of cloud-native environments. • Experience in regulatory environments (e.g., finance, healthcare, government).

Professional Attributes We Value

• Strong problem-solving skills and attention to detail • Ability to operate independently in a fast-paced environment • Strategic thinker with a continuous improvement mindset • Collaborative approach, building trust with cross-functional teams • Passion for keeping up-to-date with emerging cybersecurity and compliance trends As a GRC Analyst in our cybersecurity services team, you will have the opportunity to influence risk based decisions, improve compliance maturity, and protect our clients’ critical assets from regulatory and security risks. If you are driven by governance excellence and have a solid technical understanding of cybersecurity controls, we encourage you to apply.