GRC Analyst

The GRC Analyst supports the organization’s governance, risk, and compliance programs by identifying and assessing risk, ensuring adherence to regulatory frameworks, and maintaining internal policies and controls. This role plays a critical part in safeguarding company assets, protecting sensitive data, and promoting operational integrity in alignment with legal and industry standards.

• →

  Conduct ongoing risk reviews and maintain an up-to-date risk register

• →

  Support risk assessments across critical business processes and systems

• →

  Partner with stakeholders to develop and track risk mitigation plans through resolution

• →

  Assist in building risk metrics and reporting for executive-level visibility

• →

  Monitor adherence to relevant regulatory frameworks and internal controls

• →

  Support audit readiness by coordinating evidence collection and documentation

• →

  Partner with cross-functional teams to ensure successful audit outcomes with no material findings

• →

  Review and update GRC-related policies on a regular cadence

• →

  Support or lead compliance and security training initiatives

• →

  Develop and distribute awareness materials on key compliance topics

• →

  Maintain accurate and secure documentation for audits, investigations, and post-incident reviews

   

• Bachelor’s degree in Business, Information Security, Risk Management, or related field (or equivalent experience)

• 3-5 years of experience in GRC, risk management, compliance, or audit-related roles

• Familiarity with common compliance frameworks (e.g., SOC 2, ISO 27001, HIPAA, FedRAMP)

• Strong organizational skills with attention to detail and follow-through

• Act as a highly collaborative partner across internal teams and external stakeholders, demonstrating strong consultative and relationship-building skills; proactively align on goals, communicate clearly, and drive shared success through influence, responsiveness, and accountability

• Experience supporting audits or certification processes

• Exposure to risk management tools or GRC platforms

• Basic understanding of information security principles and controls

• Background in customer facing roles with a high level of customer interaction