Experienced or Senior GRC Analyst

Hotman Group
Fort Worth, TX
Remote

About The Position

Hotman Group is a boutique cybersecurity and GRC consulting firm seeking an experienced GRC practitioner to work directly with clients, own deliverables end to end, and contribute to a high-standard team. This is a full-time, remote, contract-to-hire position with the potential for permanent roles for top performers within 6 months. The role involves active delivery work, helping clients build, mature, and sustain their cybersecurity and compliance programs.

Requirements

  • Permanent authorization to work in the U.S. -- no sponsorship of any kind now or in the future
  • Able to pass a background check
  • Reliable high-speed internet and a secure, private remote workspace
  • Hands-on GRC experience with a track record of owning deliverables, producing frameworks-based documentation, and driving remediation -- not just supporting programs from the inside
  • Deep working knowledge of compliance standards including SOC 2, ISO 27001, NIST CSF, HIPAA, and HITRUST
  • Experience communicating findings and recommendations directly to clients or senior internal stakeholders -- you can hold a room, manage pushback, and present complex findings in plain language
  • Excellent writing skills -- your deliverables are clear, polished, and do not require heavy editing before they go to a client
  • Strong critical thinking and professional judgment -- you know when to escalate, when to hold your position, and when to ask for help
  • A high level of accountability and ownership -- you manage your own workload, communicate proactively, and hold yourself to deadlines without being managed closely
  • Comfort working independently in a fully remote environment with minimal hand-holding
  • A default toward communication -- you keep the team informed, you acknowledge quickly, and you do not go dark on a deliverable or a client

Nice To Haves

  • Active certifications such as CISA, CISM, CISSP, or CRISC are strongly preferred. If you do not currently hold a relevant certification, we expect you to be actively pursuing one.

Responsibilities

  • Lead assessments and audits of security and IT control environments
  • Design, implement, and mature cybersecurity and compliance programs
  • Develop risk registers, conduct risk assessments, and track remediation efforts
  • Create and refine policies, standards, and procedures aligned with top frameworks including SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, CMMC, and others
  • Prepare clients for internal audits and external assessments
  • Translate technical, regulatory, and business requirements into clear, actionable deliverables for client stakeholders
  • Communicate findings, manage client feedback, and drive outcomes even when stakeholders push back
  • Mentor junior analysts and contribute to the growth of our GRC practice
  • Participate in peer review of deliverables before they go to clients -- your work will be reviewed and you will review others' work

Benefits

  • Contract-to-hire with potential for permanent roles
  • Work directly with clients
  • Own deliverables end to end
  • Contribute to a high-standard team
  • Work across multiple industries on diverse engagements
  • No two projects are the same and no day looks exactly like the last
  • Work alongside people who care about the craft and push each other to do better
  • No politics, no silos, no hierarchy between you and the people making decisions
  • Touch more GRC frameworks, more industries, and more client situations in one year here than most practitioners see in five
  • Clients will notice your work
  • You are not a number on a headcount
  • Your name is on the deliverable