Mid GRC Analyst

About The Position

Requirements

• 3–5 years of experience in governance, risk, and compliance, preferably in a technology-driven or regulated industry.
• Hands-on experience with GRC tools (e.g., Archer, LogicGate, ServiceNow GRC) and audit management workflows.
• Familiarity with compliance frameworks such as ISO 27001, SOC 2, NIST CSF, HIPAA, or SOX.
• Strong analytical skills with the ability to translate complex regulations into actionable controls.
• Excellent communication skills—you can explain risk and compliance concepts to both technical and non-technical audiences.
• A proactive, detail-oriented mindset with a passion for building secure, compliant, and ethical business practice.

Responsibilities

• Lead and execute internal audits across business units, ensuring alignment with frameworks such as ISO 27001, SOC 2, HIPAA, or SOX.
• Maintain and enhance our GRC platform (e.g., Archer, ServiceNow GRC, or similar) to track controls, risks, and remediation activities.
• Partner with IT, Security, and Operations teams to assess risks in new projects, vendors, and technologies.
• Support certification and regulatory compliance efforts by preparing documentation, evidence, and audit responses.
• Monitor and report on key risk indicators (KRIs) and control effectiveness metrics to leadership.
• Drive continuous improvement by identifying gaps, recommending process enhancements, and implementing best practices.