GRC Analyst II

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Technology, or related field
• Minimum of 2 years of experience in compliance, audit, and/or information security
• CISSP, CISA, CCSA, or equivalent certification preferred
• Familiarity with enterprise-level compliance tools such as Drata, Vanta, ServiceNow, Archer, IBM GRC or other industry equivalent software
• Foundational understanding and eagerness to learn NIST CSF, NIST RMF, ISO 27001, ISO 27018, ISO 42001, SOC 1, SOC 2, HIPAA and HITRUST
• Basic understanding of cloud based environments for production applications, including Amazon Web Services, Google Cloud, or other large-scale cloud deployments
• Experience in the vulnerability assessment lifecycle from the point of identification to remediation
• Interpersonal skills to work as a team member and as a liaison
• Excellent verbal communication, presentation, organizational and planning skills, and great attitude and ability to learn new things quickly
• Bachelor’s degree in Computer Science, Information Systems or related field.

Nice To Haves

• Prior information security experience helpful

Responsibilities

• Collaborate with internal stakeholder teams (e.g., Engineering, IT, Product, Legal, HR) to document the implementation of security compliance controls across technical, management, and operational requirements.
• Support and perform gap analyses of current policies, procedures, and practices against established guidelines and frameworks, including NIST, FISMA, HIPAA, and other applicable regulatory standards.
• Assist with and conduct risk assessments of technology infrastructure, business processes, and security controls for assigned areas, documenting findings and recommended remediation steps.
• Embrace AI as a core tool to enhance GRC accuracy, efficiency, and proactive risk management, while following internal standards for responsible AI use.
• Use AI-powered platforms, under guidance from senior team members, for continuous controls monitoring, predictive risk analysis, and identification of potential compliance gaps.
• Improve team efficiency in evidence collection, organization, and analysis - leveraging AI and automation where appropriate - so the GRC function can focus more time on higher-value risk and compliance activities. Contribute to the build-out, maintenance, and ongoing refinement of the enterprise controls matrix, ensuring alignment and mapping across multiple compliance frameworks (e.g., SOC 1, SOC 2, PCI DSS, NIST CSF, ISO 27001, ISO 27018, ISO 42001, HITRUST, HIPAA).
• Assist in developing, updating, and maintaining security and compliance documentation, which may include the key documents required by the above standards.
• Support the delivery, tracking, and ongoing improvement of information security training and awareness programs for employees and contractors.
• Perform vendor security and risk assessments for new and existing vendors, document results, and occasionally interface directly with vendor contacts to clarify responses or request additional information.
• Assist with tracking and coordinating activities related to threat and vulnerability management, including monitoring assessment results, following up on remediation efforts, and helping to ensure that vulnerabilities are addressed within defined timeframes.

Benefits

• A Great Company Culture that has been recognized by multiple organizations like Inc, and Salt Lake Tribune
• Comprehensive health, life, and disability insurance
• Generous leave policies that include 4 weeks of vacation, 12 company holidays, parental leave, and volunteer time off so you can enjoy quality of life
• 401k plans with up to 6% company match
• $2000 Paid-Paid Vacation bonus
• EAP through Headspace
• Check out all our benefits that benefit you