Governance, Risk, & Compliance (GRC) Analyst (Senior or Lead)

About The Position

Requirements

• 5+ years of experience in Governance, Risk and Compliance (GRC), Information Technology (IT) Audit, Information Security, Vulnerability Management, and Compliance.
• 5+ years experience supporting enterprise technology environments including applications, infrastructure, cloud services, databases, networks, or identity and access management platforms.
• 3+ years experience writing enterprise policies, standards, controls and implementation procedures.
• 3+ years of experience leading governance transformation or enterprise control framework initiatives.
• Strong understanding of how enterprise technologies are deployed, operated, administered, and secured across different environments.
• Experience collaborating directly with engineering, infrastructure, cloud, application, or operations teams to develop practical and technically feasible implementation procedures.
• 3+ years of experience in cybersecurity and regulatory frameworks including NIST 800-53, NIST 800-171, CMMC, ISO, GDPR, ITAR or similar frameworks.
• Experience mapping controls to enterprise technology assets and environments.

Nice To Haves

• 10 or more years of higher education and/or related work experience (Higher education includes college, university, technical school, licensing/certification programs, etc.).
• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, Computer Science, or related field.
• Experience partnering with Legal, Privacy, Compliance, Internal Audit, or Regulatory Affairs teams to interpret and implement compliance obligations.
• Ability to lead cross-functional governance discussions with both technical and non-technical stakeholders.
• Experience with ServiceNow IRM or enterprise GRC platforms.
• Familiarity with CMDB, enterprise asset inventoried, and configuration concepts.
• Experience supporting control rationalization initiatives.
• Experience supporting highly regulated industries.
• Professional certifications such as CISSP, CGRC, CISA, CRISC.

Responsibilities

• Lead the development, maintenance, and continuous improvement of enterprise policies, standards, controls, and implementation procedures.
• Translate regulatory, contractual, and cybersecurity requirements into actionable governance and control requirements.
• Design, maintain, and optimize the enterprise control framework, including control rationalization, consolidation, and framework alignment activities.
• Partner with cybersecurity, infrastructure, engineering, cloud, application, data governance, privacy, and compliance teams to ensure governance requirements are practical, feasible, and align with business and operational needs.
• Provide subject matter expertise related to control intent, implementation expectations, regulatory interpretation, and governance best practices.
• Support governance modernization initiatives, ServiceNow IRM policy management, and control automation efforts to improve scalability, consistency, and efficiency.
• Develop and support control policies and strategies, prepare governance reporting, and communicate program status, priorities, and progress to stakeholders and leadership.

Benefits

• Competitive base pay
• Variable compensation opportunities
• Health insurance
• Flexible spending accounts
• Health savings accounts
• Retirement savings plans
• Life and disability insurance programs
• Paid time away from work
• Unpaid time away from work