GRC Analyst

Acrisure•Oklahoma City, OK

8d•Onsite

About The Position

About Auris Auris  is the payroll and HR partner built for small and medium-sized business who can’t afford to get it wrong. Trusted by over 50,000 business nationwide, Auris pairs easy-to-use technology with with real human services to give leaders the confidence that every detail is done right - so they can focus on growing their team and their business. Acquired by Acrisure in 2025, Auris formerly Heartland Payroll is accelerating its vision to deliver seamless human-centered technology to help small businesses thrive. Role Summary You will be a hands-on GRC professional who builds, monitors , and improves the frameworks that keep our organization compliant, resilient, and risk-informed . You’ll work across technology, operations, and product teams to assess control effectiveness, manage audits, and translate regulatory requirements into actionable, measurable security practices. Success in this role means turning governance into enablement — helping teams move faster by defining clear expectations, automating evidence, and maintaining trust with our customers, auditors, and partners.

Requirements

Enablement mindset: You see governance as a way to empower teams, not block them.
Curiosity: You dig into how controls really work in technical systems, not just on paper.
Precision: You care about evidence quality and clarity of documentation.
Collaboration: You work cross-functionally with engineers, legal, and executives to close risk gaps.
Communication: You distill complex regulatory and control requirements into understandable, actionable guidance.
Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.

Responsibilities

Maintain and evolve the Information Security Governance Framework aligned with NIST, ISO 27001, SOC 2, PCI-DSS , and SOX.
Map controls across frameworks to identify overlaps, gaps, and automation opportunities.
Draft and update policies, standards, and procedures.
Monitor control effectiveness through dashboards and continuous checks.
Identify , assess, and report technology and cybersecurity risks.
Facilitate risk assessments for products, vendors, and projects; track mitigation plans.
Maintain risk register with likelihood, impact, and residual risk metrics.
Produce risk reports and heatmaps for leadership.
Lead or support audits (SOC, NYDFS, Texas DOB); coordinate evidence and interviews.
Maintain audit calendar and ensure timely control testing.
Track remediation of findings and report status.
Manage vendor security reviews: questionnaires, evidence validation, risk scoring.
Oversee security due diligence for acquisitions and critical partners.
Maintain vendor risk register and report exposure.
Publish dashboards on control health, risk posture, and compliance.
Communicate risk and compliance expectations clearly to stakeholders.
Support security awareness and training campaigns.

Benefits

Physical Wellness: Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.
Mental Wellness: Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.
Financial Wellness: Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.
Family Care: Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.
… and so much more!
This list is not exhaustive of all available benefits. Eligibility and waiting periods may apply to certain offerings. Benefits may vary based on subsidiary entity and geographic location.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume