GRC Analyst
About The Position
Aqueduct Technologies is seeking a GRC Analyst to join our Governance, Risk, and Compliance (GRC) team. Reporting directly to the Director of GRC, this role plays a pivotal part in designing, executing, and maturing our clientsâ security and compliance programs. This is an analyst to mid level position designed for a GRC professional who is ready to take ownership of key workstreams while continuing to develop under senior leadership guidance. You will work directly with clients in a consulting environment, contributing to meaningful security improvements across diverse industries. As part of our growing GRC practice, you will: - Support and progressively lead client compliance engagements - Contribute to the development of Aqueductâs GRC service offerings - Assist with internal compliance initiatives and audit readiness activities
Requirements
- Strong written and verbal communication skills
- Analytical thinking and attention to detail
- Ability to manage multiple client workstreams in a consulting environment
- Professional presence in client facing situations
- Experience supporting or conducting assessments across one or more major frameworks such as NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, or CMMC
- Working knowledge of risk assessment methodologies
- Familiarity with third party risk management concepts and processes
- Foundational understanding of Zero Trust principles and modern security architecture concepts
- 3 or more years of experience in information security with exposure to GRC functions
- Ability to work in a hybrid model in the Canton, MA area
- Willingness to travel locally for client engagements as needed
Nice To Haves
- Experience in consulting, advisory, or managed services environments preferred
- Experience with GRC platforms such as ServiceNow GRC, Archer, Drata, Vanta, or similar tools is a plus
- One or more of the following certifications is preferred but not required: CISA CISM CRISC CISSP CCSP
Responsibilities
- Support and conduct readiness assessments aligned to frameworks such as NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, and CMMC
- Identify control gaps and provide practical, risk based remediation recommendations
- Assist clients in preparing for external audits and certification efforts
- Perform organizational risk assessments and document risk findings
- Evaluate control effectiveness and recommend mitigation strategies aligned with business objectives
- Maintain risk registers and support risk reporting processes
- Conduct vendor risk assessments and due diligence reviews
- Support the development and maintenance of third party risk programs
- Assist with ongoing monitoring activities and documentation
- Prepare clear, structured reports summarizing findings, risks, and recommended actions
- Present results to client stakeholders with guidance from senior team members
- Translate technical findings into business relevant insights
- Work closely with security operations, engineering, and account teams to align GRC initiatives
- Support internal compliance initiatives including SOC 2 readiness and audit activities
- Contribute to documentation development, templates, and process improvement efforts
- Stay current on evolving cybersecurity risks, regulatory requirements, and industry standards
- Expand expertise across multiple frameworks and advisory domains
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
Education Level
No Education Listed
