About The Position

The Governance, Security, Risk and Compliance Analyst II is responsible for supporting and enhancing the organization's governance, security, risk management and compliance posture. This role focuses on identifying, assessing, and mitigating security risks, ensuring compliance with regulatory requirements (such as HIPAA, CCPA, HITRUST, SOC 2, NIST, and CIS), and supporting audits and policy development. You will collaborate with IT, business units, and external partners to monitor, report, and improve the organization's security and compliance programs.

Requirements

  • 4+ years of experience in IT risk management, security compliance, or related roles.
  • Hands-on experience with regulatory frameworks such as HIPAA, CCPA, HITRUST, SOC 2, NIST, and CIS.
  • Familiarity with AI governance frameworks (e.g., EU AI Act, NIST AI Risk Management Framework, ISO/IEC 42001) and experience assessing risks related to AI/ML systems.
  • Strong understanding of risk assessment methodologies and compliance processes.
  • Experience supporting audits, evidence collection, and remediation activities.
  • Familiarity with security incident response and vulnerability management.
  • Proficiency with risk and compliance management tools and platforms (e.g., Drata, Vanta, Safebase) and/or enterprise GRC platforms.
  • Excellent analytical, documentation, and communication skills.
  • Professional certifications such as SSCP, CISM, CISA, CRISC, ISO 27001 Lead Implementer, or similar.

Responsibilities

  • Conduct risk assessments and gap analyses across global IT systems, applications, and cloud platforms.
  • Monitor compliance with regulatory frameworks (HIPAA, CCPA, HITRUST, SOC 2, NIST, CIS) and internal security policies.
  • Support the development, implementation, and maintenance of security policies, standards, and procedures.
  • Prepare for and respond to internal and external audits, including evidence collection and remediation tracking.
  • Report on security incidents, vulnerabilities, and compliance violations.
  • Collaborate with IT, Legal and business teams to remediate identified risks and compliance gaps.
  • Develop and maintain risk and compliance documentation, including risk registers, audit logs, and policy updates.
  • Provide guidance and training to staff on security best practices and compliance requirements.
  • Stay current with evolving regulatory requirements, security threats, and industry standards.
  • Escalate complex risk and compliance issues to senior analysts or management as needed.