Axiom-Path

Lead IT GRC Policy & Compliance Analyst #3616539

United States · Richmond · Lead
Finance & Accounting · Compliance Analyst

Quick Summary

Overview

Be Part Of A High-Performing Team: Join a collaborative information security environment supporting enterprise governance, policy, compliance, and audit readiness across a complex organization.


Join a collaborative information security environment supporting enterprise governance, policy, compliance, and audit readiness across a complex organization. This team partners closely with Information Security, Risk, Compliance, Legal, Audit, IT, application owners, and business stakeholders to improve how controls are monitored, evidence is collected, and compliance activities are executed. The role is highly operational, hands-on, and focused on strengthening security governance through automation, workflow improvement, and effective use of ServiceNow GRC/IRM and ITSM capabilities.

This is a contract-to-hire opportunity with a hybrid onsite preference in Lynchburg or Richmond, Virginia, with openness to remote candidates. The role offers the chance to support enterprise-level information security governance, improve policy and compliance workflows, and help drive more scalable, automated control and evidence processes across multiple stakeholder groups.

Responsibilities

  • Administer and coordinate ServiceNow Policy and Compliance modules to support accurate configuration, maintenance, and daily operational use.
  • Manage ServiceNow ITSM oversight ticket queues, including intake, triage, tracking, and resolution of catalog, policy, and compliance-related requests.
  • Partner with Information Security, Risk, Compliance, Legal, Audit, IT, and business teams to support enterprise policy and compliance initiatives.
  • Operationalize and automate policy and compliance lifecycle activities, including policy reviews, attestations, continuous monitoring, control testing, and evidence collection.
  • Support a “test once, satisfy many” approach to streamline compliance efforts across regulatory, audit, and assurance requirements.
  • Develop dashboards, metrics, and reporting that give leadership and stakeholders visibility into policy, compliance, and control activity.
  • Coordinate evidence and documentation for audits, assessments, regulatory inquiries, and internal reviews.
  • Create and maintain SOPs, job aids, and process documentation to improve consistency, repeatability, and operational efficiency.
  • Identify process improvement opportunities and help implement enhancements that reduce manual work and improve control validation.
  • Execute assigned responsibilities independently while managing deadlines, competing priorities, and escalations as needed.

Qualifications

  • Bachelor’s degree in Information Technology, Computer Science, or a related field preferred; equivalent IT or cybersecurity experience may be considered.
  • At least 3 years of hands-on experience with ServiceNow GRC/IRM, with ServiceNow ITSM experience strongly preferred.
  • Practical experience applying governance, risk, and compliance principles in an enterprise IT or cybersecurity environment.
  • Working understanding of cybersecurity risks, controls, and frameworks such as NIST SP 800-53, NIST Cybersecurity Framework, and ISO/IEC 27001.
  • Familiarity with governance and control mapping tools such as Unified Control Framework and SIG.
  • Experience supporting policy management, control testing, continuous monitoring, compliance evidence, audits, assessments, and reporting.
  • Strong communication skills with the ability to work across technical and non-technical stakeholders.
  • Understanding of project management principles and SDLC concepts.
  • Strong attention to detail, documentation quality, follow-through, and ability to manage operational tasks independently.
  • Relevant certifications such as Security+, CISA, NIST CSF, PMP, CGRC, CISSP, or CISM are preferred.
  • Experience partnering with Risk, Compliance, Legal, Internal Audit, or regulatory teams is a plus.
  • Familiarity with HIPAA, SOX, NY DFS, SOC 1, and SOC 2 is preferred.

Location & Eligibility

Where is the job: Richmond, United States · On-site at the office
Who can apply: US

Listing Details

First seen: June 12, 2026
Last seen: June 12, 2026

Posting Health

Days active: 0
Repost count: 0
Trust Level: 63%
Scored at: June 12, 2026
