Governance, Risk, and Compliance (GRC) Analyst

EdgeConneX•Herndon, VA

15h

About The Position

Led by an experienced management team and supported by a strong investor group, including large and experienced institutions and strategic partners, EdgeConneX offers a dynamic, fast-paced work environment where we are bringing flexibility, proximity, power, and connectivity to some of the world’s key businesses. With major offices in Herndon, Denver, and Amsterdam, we have a global footprint and a unified team of employees committed to providing a premier customer experience and delivering the full spectrum of data center solutions, from core to edge, like no other data center provider can do. Focused on driving innovation and helping our customers define and deliver their own unique vision for the Edge, at any scale, in any market worldwide, for any requirement, we are building tomorrow’s data center infrastructure, today for some of the world’s most demanding Network, Content, and Cloud customers. We are seeking a highly motivated and experienced Governance, Risk, and Compliance (GRC) Analyst to join our team. The ideal candidate will have at least five years of experience in GRC or IT risk, a bachelor’s degree or higher in a related field, and professional certifications in GRC or cybersecurity. As a GRC Analyst, you will play a pivotal role in ensuring our organization adheres to regulatory requirements, manage risks effectively, and maintain robust governance practices for industry standards, frameworks and international data protection law.

Requirements

Bachelor’s degree or higher in Information Security, Computer Science, Business Administration, or a related field.
Minimum of 5 years of professional experience in governance, risk, and compliance or a related discipline.
Professional certifications such as CISA, CRISC, CISSP, CISM, ISO27001LA or similar are required.
Strong understanding of regulatory requirements and frameworks (e.g., ISO 27001, NIST, PCI DSS).
Risk assessment methodologies and control testing
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills, with the ability to work collaboratively across departments.
Experience with: Policy development and lifecycle management
Third-party/vendor risk assessments
GRC tools and risk management platforms (e.g., DRATA, VANTA, Archer, OneTrust)
Detail-oriented and highly organized, with a proactive approach to identifying and managing risks.

Nice To Haves

Experience with GRC software platforms and tools.
Project management experience or certification.
Experience in a regulated industry (e.g., datacenter, finance, technology).
Ability to train and mentor junior staff.

Responsibilities

Develop, implement, and maintain governance, risk, and compliance frameworks, policies, standards and procedures.
Conduct risk assessments and analyze potential threats to the organization’s information systems and business operations.
Monitor compliance with internal policies and external regulatory requirements (e.g., NIS2, DORA, ISO27001, AICPA Trust Principles, NIST, CIS, GDPR, SOX, HIPAA).
Track changes to regional data protection law in the regions where EdgeConneX operates (APAC, EU, North America and South America)
Collaborate with cross-functional teams to identify, assess, and mitigate risks across the organization.
Maintain risk registers, compliance metrics, and reporting dashboards
Support third-party risk management and vendor security assessments
Prepare and present regular reports on risk management activities, compliance status, and remediation efforts to management.
Support internal and external audits, including gathering documentation and facilitating audit processes.
Stay up to date with changes in relevant laws, regulations, and industry best practices.
Assist in the development and delivery of training programs related to governance, risk, and compliance topics.
Contribute to continuous improvement of GRC processes and tooling