Information Security GRC Analyst

About The Position

Requirements

• 1–2 years of experience in GRC, cybersecurity, IT audit, or a related discipline
• Foundational knowledge of security frameworks such as NIST CSF, ISO 27001, or CIS Controls
• Strong written and verbal communication skills, with the ability to convey technical concepts to non-technical audiences
• Ability to manage multiple tasks and deadlines in a fast-paced, client-driven environment
• Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint)
• Strong analytical skills and attention to detail
• Strong problem‑solving and critical‑thinking abilities.
• Ability to manage multiple engagements and deadlines.
• Collaborative, customer‑centric mindset.
• High integrity and commitment to confidentiality.

Nice To Haves

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Business, or a related field
• Relevant certifications or progress toward: CompTIA Security+, CISA, CRISC, or GRC Professional
• Familiarity with GRC platforms such as Apptega, StandardFusion, or ControlMap
• Experience with cloud environments (AWS, Azure, GCP) and associated compliance considerations
• Experience with security awareness training platforms (KnowBe4, InfoSec IQ)

Responsibilities

• Assist in the development, implementation, and assessment of information security policies, standards, and procedures aligned to industry frameworks and regulatory compliance (HIPAA, SEC, FTC, NIST CSF, ISO 27001, SOC 2, CMMC, etc.)
• Assist with risk assessments, gap analyses, and control evaluations across multiple client engagements simultaneously across various industries
• Participate in the development of risk registers, risk treatment plans, and remediation roadmaps
• Assist with third-party/vendor risk assessments and due diligence activities
• Document findings, prepare client-facing reports, and contribute to presentations and deliverables
• Support audit readiness activities and facilitate evidence collection for audits and assessments
• Stay current on emerging threats, regulatory changes, and evolving GRC best practices
• Collaborate with GRC consultants and vCISOs to deliver engagements on time and within scope
• Support the configuration, data entry, and maintenance of GRC tooling and platforms used to manage client compliance programs
• Other responsibilities as assigned by management.

Benefits

• Diversity, equity, and inclusion are not only fundamental values but also powerful drivers of innovation, growth, and success. We are committed to fostering an environment where every individual feels valued, respected, and empowered.