Cyber Security GRC Analyst

LIPAPRD
Town of Oyster Bay, NY
$93,600 - $148,200
Hybrid

About The Position

This position supports the organization’s cybersecurity governance, risk, and compliance program through governance oversight, policy lifecycle management, standards alignment, risk and control assessments, audit coordination, compliance validation, issue remediation tracking, third-party risk review, and executive reporting and documentation. The Cybersecurity GRC Analyst works closely with IT, Internal Audit, Compliance, Procurement, and business stakeholders to help ensure cybersecurity requirements are defined, documented, assessed, and monitored across the enterprise. This role is responsible for supporting the maintenance of cybersecurity policies and standards, conducting and documenting risk assessments, evaluating control effectiveness, coordinating audit and compliance activities, tracking remediation efforts, and preparing clear reporting for management and leadership.

Requirements

  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Business, Risk Management, or a related discipline.
  • Four (4) or more years of experience in cybersecurity governance, risk, compliance, IT audit, internal controls, or related field.
  • Proficiency with Cyber GRC technologies (such as ServiceNow, Archer, RSAM, etc.).
  • Background supporting governance oversight, policy lifecycle management, and standards alignment activities.
  • Track record performing risk and control assessments and documenting findings, recommendations, and remediation actions.
  • History of supporting control testing, audit coordination, and compliance validation activities.
  • Direct involvement with third-party risk review, vendor assessment support, or related due diligence functions.
  • Familiarity with issue remediation tracking, exception management, and reporting processes.
  • Advanced analytical, organizational, reporting, and documentation skills.
  • Excellent written and verbal communication skills with the ability to work effectively with technical and non-technical stakeholders.
  • Ability to manage multiple priorities, maintain detailed records, and work independently with limited supervision.

Nice To Haves

  • Candidates without a degree who have 8 years of experience in cybersecurity governance, risk, and compliance will be considered.
  • Working knowledge of cybersecurity frameworks and control standards such as NIST CSF, NIST SP 800-53, ISO 27001, and CIS Controls.
  • Cybersecurity certification such as Security+, CISSP, or CISA.

Responsibilities

  • Support governance oversight activities for the cybersecurity program across the enterprise.
  • Maintain and support policy lifecycle management, including the review, update, and communication of cybersecurity policies, standards, procedures, and related documentation.
  • Assist with standards alignment to applicable requirements, contractual obligations, and recognized cybersecurity frameworks.
  • Perform and document risk and control assessments for systems, applications, vendors, projects, and business processes.
  • Identify control gaps, document findings, and support risk treatment planning with business and technical stakeholders.
  • Assist with control documentation and control testing to evaluate design and operating effectiveness.
  • Provide audit coordination support for internal audits, external audits, and regulatory assessments, including evidence gathering, response tracking, and issue follow-up.
  • Support compliance validation activities to confirm required controls, processes, and documentation are in place and operating as intended.
  • Support third-party risk review activities, including security questionnaires, documentation review, assessment follow-up, and findings management.
  • Maintain risk registers, issue logs, exception records, remediation plans, and supporting documentation.
  • Perform issue remediation tracking and follow up with stakeholders to support timely closure of findings, gaps, and action items.
  • Prepare executive reporting and documentation related to risk posture, compliance status, audit results, remediation progress, control maturity, and key metrics.
  • Support governance committees, risk discussions, and management reporting through accurate and organized documentation.
  • Contribute to continuous improvement of GRC processes, templates, reporting, and governance practices.

Benefits

  • medical
  • dental
  • vision
  • paternal leave and family leave programs
  • behavioral health programs
  • 401(k) with company match
  • life insurance
  • tuition reimbursement
  • generous paid time off