IT GRC Analyst

About The Position

Requirements

• Knowledge of Security Frameworks & Regulations – Understanding of ISO 27001, NIST 800-X, CMMC, SOC 2, HIPAA, PCI DSS, and GDPR.
• Risk Management – Ability to conduct risk assessments, identify vulnerabilities, and implement mitigation strategies.
• Compliance Auditing – Experience with internal/external audits, compliance reporting, and policy documentation.
• GRC Tools & Platforms – Familiarity with cyber security tools related to functions such as security awareness training, log management, vulnerability assessment and other functions
• Security & IT Fundamentals – Understanding of cybersecurity principles, cloud security (AWS, Azure, GCP), and identity & access management (IAM).
• Risk Analysis – Ability to evaluate threats, vulnerabilities, and business impact.
• Data Interpretation – Analyzing compliance reports, audit findings, and security metrics to improve risk posture.
• Communication & Reporting – Ability to explain complex compliance requirements to technical and non-technical stakeholders.
• Organization – Ability to manage job functions proactively with maximum efficiency and results
• Attention to Detail – Ability to perform job functions thoroughly with outcomes that align with business needs.
• Project Management – Ability to define project targets and coordinate resources for successful execution
• Relationships – Ability to develop professional relationships and lead discussions that foster collaboration on cyber security initiatives.
• Employees will follow the work schedule assigned and must comply with the attendance and established punctuality requirements. Maintaining regular attendance and punctuality is crucial for this position. Understanding the importance of attendance and showing up for the job every day lays the foundation for our success as a team and your successful career.
• Bachelor's degree in Information Security, Business, Information Systems, or related field preferred.
• 1–4 years of experience in GRC, cybersecurity, audit, or risk management (depending on level).
• Strong organizational and time management skills.
• Proficiency with Microsoft Office Suite (Word, Excel, PowerPoint) and video conferencing tools.
• Excellent verbal and written communication skills.
• Strong understanding of risk management principles and compliance frameworks.
• Excellent analytical, documentation, and report-writing capabilities.
• Ability to work cross-functionally and communicate with both technical and non-technical stakeholders.
• Strong organizational skills and attention to detail.
• Familiarity with security concepts (identity management, access controls, network security, etc.).
• Regular attendance and punctuality are vital attributes for all employees and critical for our staff as we are the role models for our organization and future leaders. It is important for employees to attend work regularly and to arrive at work on time, because failure to do so detrimentally affects employee morale and productivity throughout North End Teleservices, LLC.

Nice To Haves

• Experience with GRC tools (e.g., ServiceNow GRC, Archer, OneTrust, LogicGate, Drata, Vanta).

Responsibilities

• Development, alignment, maintenance, and regular audit of policies related to cyber security and risk including: Information Security Policy (annual review) Business Continuity Plan (annual review) Disaster Recovery Plan (annual review) Incident Response Plan (annual review) Risk Management Program (annual review) Acceptable Use Policies (annual review) Removeable Media Policy (annual review) Technology Control Plan (annual review) Security Awareness and Training Policy (annual review) Media Marking and Handling Policy (annual review) AI Policy (annual review) Other policies as assigned
• Development, alignment, maintenance, and audit of procedures that impact cyber security controls including: Access Control Procedure Operational Change Management Procedure Network Access Management Procedure Log Management Procedure Other procedures as assigned
• Management, execution and follow-up related to recurring functions as assigned including: Security Awareness Training campaigns (quarterly) Vulnerability Assessments reviews (monthly) Log Management procedures (weekly) Risk Register meetings (quarterly) Tabletop exercises (annually) Active network user audits (monthly) Approved application audits (annually) Review of employee cybersecurity training/acknowledgement program (annually) Public-facing Resources Audit (annually) Security Controls Assessment (annually) User Access Review (annually) Power continuity review (annually) All aspects of Risk Management Program (as needed) Other functions as assigned (as needed)
• Execution of ad hoc cybersecurity tasks as needed
• Routine maintenance of policies and procedures in line with business changes
• Response to cybersecurity incidents, related logging, forensics, and action
• Review of CISA alerts and associated Risk Register updates
• Cybersecurity projects as assigned
• Cybersecurity partnership management and optimization
• Operational Change Management review discussions and form completion as needed
• Periodic cybersecurity training for team members
• Meetings and related follow-up
• Cybersecurity support for customer inquiries and sales opportunities
• Other tasks as assigned
• Management of certain platform software and documentation as assigned including: Security Awareness Training Platform Password Vault Platform Section 508 Accessibility Platform Other platforms as assigned
• Governance, Risk, and Compliance documentation