Lead GRC Analyst (IT/Security)

Austin, TX / Manor, TX
Onsite

About The Position

Join UCT and be part of the fastest-growing sector in the world! We indirectly touch every semiconductor chip that goes into every smartphone, smart car, and device that uses artificial intelligence. This is a critical time for the semiconductor industry and for UCT - as technology evolves, we evolve with it. UCT is a diverse workplace where every talented employee is committed to continuous innovation, challenging the status quo and exceeding customer expectations. If you are a person with a relentless drive to succeed, a strong focus on quality with a passion for success – join us today!

UCT is looking for a talented Analyst III, IT Infosec to join us in Austin, TX! Analyst III, IT Information Security is a contributor responsible for strengthening the organization's security posture through analysis, detection, incident response, and security program development. This role blends technical expertise with strategic thinking, ensuring that security controls, policies, and processes effectively protect systems, data, and users across the enterprise.

Role Overview

The UCT GRC Specialist will support the design, execution, and maturity of UCT's IT governance, risk, and compliance program. This role is responsible for coordinating IT risk management activities, supporting control design and testing, maintaining audit-ready evidence, and partnering with IT, Security, Legal, Finance, HR, Operations, and business stakeholders to embed compliance into day-to-day processes. The role will help maintain a structured GRC program aligned with applicable regulatory requirements, SOX obligations, cybersecurity frameworks, internal policies, and UCT's risk appetite. The specialist will also support continuous improvement initiatives, including automation, workflow optimization, reporting, and development of playbooks and self-service resources.

Requirements

  • Minimum of 3 years of experience in IT governance, risk, compliance, IT audit, cybersecurity compliance, IT controls, third-party risk management, or a related field.
  • Bachelor’s degree in Information Systems, Information Technology, Cybersecurity, Computer Science, Accounting, Business, Risk Management, or a related field, or equivalent practical experience.
  • Experience supporting IT risk register activities, control testing, evidence collection, audit readiness, remediation tracking, compliance reporting, or site walkthroughs.
  • Working knowledge of IT control frameworks and compliance requirements such as SOX, ITGC, CIS, NIST CSF, ISO 27001, SOC 2, or similar frameworks.
  • Ability to partner with IT, Security, business, site teams, vendors, and control owners to document processes, validate control operation, identify gaps, and support remediation.
  • Strong written and verbal communication skills, with the ability to prepare clear documentation, walkthrough notes, risk summaries, control summaries, dashboards, and stakeholder updates.
  • Strong organizational skills with the ability to manage multiple priorities, track deadlines, follow up on open items, and support recurring compliance activities.

Nice To Haves

  • Professional certification preferred, such as CRISC, CISA, CISM, CISSP, or other relevant IT risk, audit, security, or compliance certification.

Responsibilities

  • Support the vendor and cloud service provider risk review process, including intake, security questionnaire review, SOC 2 report review, architecture and access considerations, contract support, risk documentation, and stakeholder follow-up.
  • Evaluate vendor security posture in coordination with technical subject matter experts and document risks, compensating controls, remediation commitments, and risk acceptance decisions where applicable.
  • Maintain vendor risk records and support reporting on third-party risk themes, overdue remediation items, and exceptions that require management awareness.
  • Administer, optimize, and support GRC and compliance automation platforms to improve workflow efficiency, reduce manual effort, and strengthen reporting consistency.
  • Develop and maintain compliance metrics, dashboards, process trackers, and executive reports to communicate program status, control performance, audit readiness, and remediation progress.
  • Identify opportunities to streamline recurring compliance activities, standardize evidence collection, automate reminders, and improve stakeholder visibility into open tasks and deadlines.
  • Establish, maintain, and mature the Enterprise IT Risk Register, including risk identification, categorization, likelihood and impact scoring, ownership assignment, risk response, and status tracking.
  • Partner with risk owners to develop and monitor risk treatment plans, track remediation progress, and escalate high or critical risks when timelines, ownership, or mitigation plans require leadership attention.
  • Develop and present risk dashboards, compliance metrics, and executive-ready reports that provide leadership with a clear view of UCT’s IT risk environment, control gaps, remediation status, and program maturity.
  • Support the scoping, design, and maturity of UCT’s IT compliance program by mapping IT controls to applicable frameworks and requirements, including SOX, ITGC expectations, CIS, NIST CSF, ISO 27001, SOC 2, and other relevant regulatory or customer obligations.
  • Perform control gap analyses, document findings, assess control maturity, and develop remediation roadmaps in partnership with control owners, system owners, and process owners.
  • Design, document, and improve internal controls and common control frameworks to support evolving compliance requirements, reduce duplication, and improve consistency across applications, infrastructure, and business processes.
  • Plan, coordinate, and perform site walkthroughs to evaluate local IT operations, physical and logical access practices, change management procedures, backup and recovery processes, asset management, and compliance with established IT policies and control requirements.
  • Partner with site IT teams, business process owners, and control owners to understand local procedures, validate control operation, identify process gaps, and confirm that documented practices align with actual operating activities.
  • Document walkthrough observations, risks, control gaps, evidence requirements, and remediation actions in a clear and audit-ready format.
  • Track site walkthrough findings through remediation, escalate significant issues where appropriate, and summarize recurring themes for leadership reporting and broader control improvement initiatives.
  • Draft, maintain, and periodically review IT policies, standards, procedures, and control documentation to ensure alignment with regulatory requirements, internal governance expectations, and operational practices.
  • Manage the policy and SOP lifecycle, including drafting, stakeholder review, approval routing, publication, periodic recertification, and evidence-based validation of operating procedures.
  • Develop training materials, playbooks, and self-service resources that help IT and business teams understand compliance expectations and meet requirements efficiently.
  • Lead or support control design walkthroughs and tests of operating effectiveness, including evidence collection, effectiveness validation, exception identification, remediation tracking, and continuous improvement.
  • Prepare and support control owners and process owners for internal and external audits by reviewing people, processes, technologies, key configurations, and supporting evidence for completeness and audit readiness.
  • Build and maintain a centralized evidence repository to ensure change control records, access reviews, control attestations, remediation artifacts, and other compliance documentation are organized, current, and available for audit requests.
  • Coordinate audit evidence requests across IT and business teams, track completion against defined timelines, and communicate status, blockers, and escalation needs to stakeholders.
  • Define, maintain, and support the schedule and standards for periodic user access reviews of SOX-relevant and mission-critical systems.
  • Validate completed access reviews against least privilege, segregation of duties, and business need requirements; document findings, exceptions, and evidence of review completion.
  • Track remediation of excessive, inappropriate, or stale access identified during reviews and support reporting to control owners, system owners, and leadership.
  • Partner with IT, Security, Engineering, Product, Legal, HR, Finance, Operations, and business stakeholders to integrate compliance requirements into processes, technology changes, vendor decisions, and operational practices.
  • Communicate effectively with technical and non-technical stakeholders on IT risk, control design, remediation expectations, audit requests, and program reporting.
  • Manage multiple GRC initiatives simultaneously while keeping stakeholders informed, maintaining schedules, tracking deliverables, and escalating risks that threaten timely completion.
  • Support the design of the overall GRC program structure, including process design, tooling strategy, control framework alignment, operating cadence, and prioritization roadmap.
  • Help establish scalable GRC policy, methodology, documentation, and reporting standards as the function grows.
  • Represent GRC in cross-functional governance discussions and advise stakeholders on risk-based prioritization, control expectations, and remediation planning.
  • Provide technical direction, knowledge sharing, and mentoring support to additional GRC team members as the function expands.
  • Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.