Entry Level GRC Analyst

About The Position

Requirements

• A Bachelor's or Graduate degree in Cybersecurity, Information Systems, or a related field
• 1 to 2 years of professional work experience -- this does not need to be in GRC or cybersecurity specifically, but it does need to be in a professional office or corporate environment. We are looking for candidates who have demonstrated reliability, communication, and accountability in a workplace setting
• Solid understanding of fundamental security and IT concepts including access controls, data retention, and change management
• Familiarity with major security and privacy frameworks including ISO, NIST, SOC 2, and HIPAA
• Strong critical thinking, organization, and communication skills
• Ability to balance multiple projects and deadlines with exceptional follow-through
• Technical aptitude -- you are curious, you learn fast, and you do not shy away from new tools
• A genuine interest in cybersecurity and a commitment to helping organizations build stronger, safer programs
• A solutions-first attitude -- you show up with curiosity and energy and you are not afraid to dive into the work
• The ability to think critically and execute with precision in a fast-paced, high-trust, low-ego environment
• A high level of ownership and accountability -- you communicate proactively and follow through without being managed closely
• A default toward communication — you keep the team informed, you acknowledge quickly, and you do not go dark on a deliverable or a client
• Located in the USA with permanent work authorization (no sponsorship of any kind now or in the future)
• Able to pass a background check
• A private, dedicated workspace with a door — client calls and confidential work require it

Nice To Haves

• Active pursuit of a relevant certification (Security+, CC, SSCP) is strongly preferred. If you are not currently studying for one, be prepared to explain why.

Responsibilities

• Assess and improve client security and IT controls
• Develop policies, processes, and risk assessments aligned to top frameworks including NIST, ISO 27001, and SOC 2
• Crosswalk and harmonize controls across multiple compliance frameworks
• Document security requirements, support control implementation, and help track remediation progress
• Build risk registers, support assessments, and monitor remediation progress
• Work hands-on with GRC tools and contribute to solutions for complex client challenges
• Translate technical and regulatory requirements into clear, actionable steps for our clients
• Participate in peer review of deliverables before they go to clients — your work will be reviewed and you will review others

Benefits

• Top performers move into permanent roles within 6 months.