About The Position

The Senior Cyber Governance, Risk, and Compliance (GRC) Analyst is a key member of the Cyber GRC team and the broader Information Security organization. This full-time role is responsible for supporting and advancing the organization’s cybersecurity governance, risk management, and compliance initiatives. The Senior Analyst works closely with cross-functional teams to help ensure that cybersecurity risks are identified, assessed, and managed in alignment with business objectives, regulatory requirements, and industry best practices.

This role is designed for experienced professionals who are passionate about cybersecurity risk management and committed to strengthening enterprise security programs. The Senior Cyber GRC Analyst contributes to the development, implementation, and continuous improvement of governance processes, compliance activities, and cyber risk management practices that support an effective and resilient Information Security program.

In this position, the Senior Analyst will collaborate with stakeholders across technology, risk, and business teams to support security assessments, policy and control development, regulatory and framework alignment, and risk remediation efforts. This role provides the opportunity to influence and enhance the organization’s security posture while working alongside experienced cybersecurity leaders and practitioners.

Through these responsibilities, the Senior Cyber GRC Analyst plays an important role in helping the organization maintain a strong cybersecurity governance structure and ensuring that the Information Security program effectively addresses evolving threats, regulatory expectations, and business priorities.

Requirements

  • Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Management Information Systems, Engineering, or a related technical discipline from an accredited university, or a high school diploma and equivalent professional experience.
  • Demonstrated knowledge of information security principles and logical security domains, including governance, risk management, compliance, and security control frameworks.
  • Familiarity with cybersecurity frameworks and standards such as NIST, ISO 27001, CIS Controls, or similar industry-recognized security frameworks.
  • Experience or exposure to areas such as security governance, regulatory compliance, risk assessments, third-party risk management, or security program operations.
  • Strong analytical and problem-solving abilities, with the capacity to evaluate complex situations and apply sound judgment when assessing cybersecurity risks.
  • Excellent written and verbal communication skills, with the ability to clearly document security assessments, policies, and risk findings for both technical and non-technical audiences.
  • Demonstrated ability to organize, prioritize, and manage multiple tasks and deadlines in a dynamic environment.
  • Strong interpersonal skills with the ability to collaborate effectively with technology teams, business stakeholders, and risk management functions.
  • High level of professional initiative, accountability, and self-motivation, with the ability to work independently while contributing to a collaborative team environment.
  • Strong attention to detail and commitment to maintaining high standards of accuracy, documentation quality, and program integrity.

Responsibilities

  • Support the firm’s Cyber Governance, Risk, and Compliance (GRC) program by evaluating and enhancing security controls, policies, standards, procedures, and guidelines in alignment with the organization’s reference security framework.
  • Support the alignment of the firm’s Information Security Program with recognized security frameworks and regulatory expectations (e.g., NIST CSF, ISO 27001, CIS Controls, and applicable financial regulatory requirements) by mapping controls, identifying gaps, and recommending improvements.
  • Contribute to the ongoing development and maintenance of cybersecurity policies, standards, and governance documentation, ensuring they remain aligned with evolving threats, regulatory requirements, and industry best practices.
  • Provide support for internal and external audits by coordinating documentation requests, collecting control evidence, and ensuring timely delivery of required artifacts.
  • Participate in the execution of recurring GRC program activities, including quarterly access reviews, control validation activities, and other governance processes that support compliance and risk oversight.
  • Conduct and support the firm’s Third-Party Risk Management (TPRM) activities by performing vendor risk assessments, evaluating security documentation, and producing risk evaluations for both new and existing third-party vendors.
  • Identify, assess, and track cybersecurity risks affecting the firm and its third parties through the organization’s cyber risk monitoring platform, and collaborate with stakeholders to support risk mitigation and remediation efforts.
  • Collaborate with technology, risk, and business teams to support security risk assessments for new initiatives, systems, and third-party integrations, ensuring cybersecurity risks are identified and addressed during project planning and implementation.
  • Assist in the preparation of cyber risk reporting and metrics for security leadership and internal stakeholders, providing visibility into the organization’s cybersecurity risk posture and control effectiveness.
  • Coordinate with business and technology stakeholders to follow up on GRC-related action items, ensuring that risk remediation tasks and control activities are completed within defined timelines.
  • Support and enhance the firm’s Cybersecurity Awareness Program, including monitoring training completion, engaging with users on outstanding requirements, and identifying opportunities for additional targeted training where needed.
© 2024 Teal Labs, Inc