Governance, Risk, and Compliance (GRC) Senior Analyst

About The Position

Requirements

• Bachelor's degree in Information Security, Computer Science, Business Administration, Risk Management, or a related field.
• Minimum 3-5 years of experience in governance, risk, and compliance roles.
• Demonstrated experience managing multiple compliance frameworks simultaneously.
• Proven track record of successfully leading audit readiness and certification efforts.
• Experience working with external auditors and certification bodies.
• Strong understanding of information security principles, practices, and technologies.
• In-depth knowledge of risk management methodologies and frameworks (e.g., NIST CSF, COBIT).
• Familiarity with GRC tools and platforms (experience with Vanta a plus).
• Understanding of cloud security and international privacy considerations.

Nice To Haves

• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• Certified in Governance of Enterprise IT (CGEIT)

Responsibilities

• Lead continuous compliance and operating effectiveness across SOC 1, SOC 2, ISO/IEC 27001, ISO/IEC 42001, and CSA Star Level 2 certification programs.
• Prepare policy, procedures, and control design updates to ensure ongoing compliance with applicable standards and frameworks.
• Monitor regulatory changes and emerging compliance requirements, assessing impact and recommending necessary updates to Fulcrum’s policies and control activities.
• Conduct risk assessments to identify, analyze, and prioritize organizational risks.
• Develop and maintain risk registers and oversee progress on risk treatment plans.
• Collaborate with business units to ensure risk management practices and control activities are integrated into operational processes.
• Track and report on key risk indicators (KRIs) and compliance metrics.
• Ensure that the design of control activities is documented accurately and recommend ongoing improvements to Fulcrum’s control catalog.
• Obtain, assess, and maintain control activity evidence for audit readiness.
• Support remediation efforts for identified control gaps and deficiencies.
• Prepare audit documentation and corrective action plans as necessary.
• Track remediation activities and ensure timely closure of audit findings.
• Partner with cross-functional teams including IT, Legal, and Business Development to advance compliance initiatives
• Provide guidance to Fulcrum GT staff on compliance requirements and best practices.
• Communicate compliance status, risks, and recommendations to senior leadership.
• Serve as a subject matter expert on GRC matters across the organization

Benefits

• Competitive Health, Dental and Vision Insurance
• Pet Insurance
• 401k
• Flexible schedule
• Paid Holidays plus Paid Time Off