Governance, Risk & Compliance Analyst

Acrisure•Atlanta, GA

2d•Onsite

About The Position

About Acrisure A global fintech leader, Acrisure empowers millions of ambitious businesses and individuals with the right solutions to grow boldly forward. Bringing cutting-edge technology and top-tier human support together, we connect clients with customized solutions across a range of insurance, reinsurance, payroll, benefits, cybersecurity, mortgage services – and more. In the last twelve years, Acrisure has grown in revenue from $38 million to almost $5 billion and employs over 19,000 colleagues in more than 20 countries. Acrisure was built on entrepreneurial spirit. Prioritizing leadership, accountability, and collaboration, we equip our teams to work at the highest levels possible. Job Summary: We are seeking a detail-oriented and motivated GRC Analyst to join our growing team. The ideal candidate will have 3+ years of experience in supporting governance, risk, and compliance initiatives. This includes assisting with client/prospect compliance questionnaires, cybersecurity assessments, and internal risk reviews. You will help maintain awareness of relevant cybersecurity regulations and contribute to implementing audit, governance, risk, and compliance (GRC) frameworks. As a GRC Analyst, you will collaborate across departments to ensure security solutions protect internal systems, vendor environments, and customer data. Your role will focus on aligning security practices with compliance requirements and supporting technical solutions for secure systems and data protection. Join one of the fastest-growing companies in the world, where you’ll gain hands-on experience with cybersecurity, compliance, and privacy frameworks, and work alongside industry experts in an environment built for growth, impact, and continuous learning.

Requirements

Able to work independently and enjoy a high degree of interaction with team members
Ability to contribute to a collaborative environment by consistently demonstrating teamwork, high motivation, positive behavior and effort to achieve goals and objectives
Self-motivated and driven
Maintain a sense of urgency and ability to work with and meet deadlines
Demonstrate effective written and verbal communication, including the ability actively listen, and problem solve with minimal assistance
Demonstrate excellent time management and prioritization skills
Attention to detail and commitment to a high level of accuracy
The ability to multitask, prioritize, work independently, and use discretion surrounding sensitive information
Ability to maintain a professional demeanor and positive attitude
3+ years of relevant experience in security engineering and GRC-focused security solutions development.
Understanding of security standards and frameworks such as NIST, ISO 27001, CIS Controls, and industry compliance regulations (NYDFS, GDPR, HIPAA, PCI-DSS).
Proven ability to manage complex timelines and deliverables, ensuring alignment with organizational goals and regulatory requirements.

Nice To Haves

CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CISA (Certified Information Systems Auditor)
GIAC (Global Information Assurance Certification)
CEH (Certified Ethical Hacker)
CRISC (Certified in Risk and Information Systems Control)

Responsibilities

Support governance, risk, and compliance (GRC) activities by assisting with cybersecurity framework implementation and regulatory compliance efforts.
Gain familiarity with GRC frameworks such as NIST CSF, ISO 27001, and COBIT, and help ensure technical and administrative controls align with audit and regulatory requirements.
Assist in maintaining compliance with regulatory standards including SOX, HIPAA, SOC 2, GDPR, and PCI-DSS, while staying informed about evolving cybersecurity laws and obligations.
Participate in internal and external audits by coordinating evidence collection, tracking remediation efforts, and supporting readiness for SOC 2, SOX ITGC, and HIPAA assessments.
Collaborate with cross-functional teams to support security initiatives and communicate effectively with both technical and non-technical stakeholders.