GRC Analyst

About The Position

Requirements

• Bachelor’s degree in information technology, Cybersecurity, Computer Science, Information Security, or a related field.
• 1–3 years of experience in IT security, compliance, risk management, or a related role.
• Experience with compliance and GRC tools (Drata or Vanta).
• Familiarity with cybersecurity and frameworks, including:
• NIST 800-53 R5 (CMMC is a plus)
• Type 2 SOC 2
• HIPAA, PCI-DSS, or GDPR.
• Strong understanding of information security principles and best practices.

Nice To Haves

• 5+ years of experience in security compliance, risk management, or a related field.
• Bachelor’s degree in information technology, Cybersecurity, Computer Science, Information Security, or a related field.
• Experience working in legal, financial, or other highly regulated environments.
• Experience conducting formal risk assessments and managing compliance programs.
• Experience maintaining and developing security policies, standards, and procedures.
• Professional certifications such as CISSP, CISM, CISA, CompTIA Security+, or CMMC-related certifications.

Responsibilities

• Conduct regular security audits and risk assessments to identify vulnerabilities and areas for improvement.
• Monitor and assess compliance with internal security policies and external regulatory requirements.
• Recommend and track appropriate security controls and mitigation strategies.
• Maintain detailed records of compliance activities, including assessments, corrective actions, and audit results.
• Prepare compliance documentation and reports for internal leadership and external auditors.
• Maintain and support the Simpluris cybersecurity compliance program.
• Regularly update policies, procedures, standards, and documentation to align with evolving regulatory and contractual requirements.
• Develop and maintain templates, tools, and resources to support compliance and audit readiness.
• Utilize compliance and GRC tools (i.e., Drata, Vanta, or similar platforms) to track controls, evidence, risks, and remediation efforts.
• Support third-party risk assessments, vendor questionnaires, and ongoing vendor compliance monitoring.
• Serve as the primary point of contact between Corporate, Technology, and Operational teams.
• Collaborate with IT, legal, and business units to address compliance challenges.
• Communicate complex technical and regulatory requirements in a clear, accessible manner to diverse audiences.
• Develop and deliver training and awareness sessions
• Conduct or support internal security audits and compliance reviews.
• Stay current with industry standards, federal regulations, and cybersecurity best practices.
• Support incident response activities, investigations, and post-incident documentation as needed.
• Collect, validate, and maintain audit evidence to support regulatory and customer audits.
• Assist with control testing, gap analysis, and remediation tracking.