Associate GRC Analyst

About The Position

Requirements

• 2+ years of experience with Information Security, Risk Management, Compliance, and Governance
• Basic understanding of information security and risk management concepts
• Strong written communication skills and attention to detail
• Ability to manage documentation and multiple workstreams simultaneously
• Proficiency with Microsoft Word, Excel, and PowerPoint

Nice To Haves

• Exposure to GRC frameworks (NIST, ISO, SOC 2, PCI DSS, etc.)
• Internship or entry-level experience in security, IT, audit, or compliance
• Familiarity with vendor risk management or security questionnaires
• Experience with GRC tools (e.g., ZenGRC, Archer, ServiceNow GRC
• Bachelor’s degree in Information Security, Risk Management, CS, or a related field

Responsibilities

• Assist with maintaining and updating security policies, standards, and procedures.
• Support compliance efforts aligned with frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, and/or CMMC.
• Collect, organize, and maintain audit evidence for internal and external audits.
• Track compliance tasks, remediation activities, and milestones.
• Support third-party / vendor risk assessments and due diligence reviews.
• Assist with documenting risk assessments, risk registers, and mitigation plans.
• Help respond to customer security questionnaires and compliance requests.
• Maintain GRC documentation, trackers, and tools
• Coordinate with internal teams to gather compliance and security information
• Support incident response documentation and post incident reviews as needed
• Other duties as assigned

Benefits

• health
• dental
• vision
• 401(k) match
• annual bonus plan
• unlimited vacation
• paid parental leave
• tuition reimbursement