About The Position

The Senior Security Compliance GRC Analyst leads complex audits and regulatory assessments, providing subject matter expertise in frameworks such as SOC 2, ISO 27001, FedRAMP, ENS, and Cyber Essentials. This role improves control design, harmonizes evidence practices, and guides corrective action plans — while mentoring junior analysts and partnering with cross-functional teams to mature the organization's compliance posture and reduce recurring audit gaps through regular external audit integration.

Requirements

  • Bachelor's degree or equivalent work experience, with 3–5 years of experience in compliance, risk management, internal audit, or regulatory affairs.
  • Knowledge of regulatory frameworks such as SOC, ISO 27001, NIST 800-53, FedRAMP, SOX, HIPAA, GDPR, or FAR/DFARS.
  • Strong data gathering, interviewing, analytical, and problem-solving skills; strong knowledge of security risk assessment techniques, risk scoring models, and risk impact analysis.
  • Strong oral and written communication skills with a professional demeanor; strong facilitation, project management, and interpersonal skills with the ability to maintain professionalism across all levels of the organization.
  • Strong collaboration skills applied successfully within a team and across all levels of employees; demonstrated ability to influence, motivate, and mobilize team members and business partners.

Nice To Haves

  • Experience in a government-regulated industry such as healthcare, finance, defense, or technology.
  • Cloud security and/or AI GRC certifications.
  • Strong data analysis knowledge using tools such as Excel, SQL, or statistical software packages.
  • Strong knowledge of Microsoft operating systems and products, plus advanced Microsoft Excel skills.
  • Self-motivated with the ability to manage projects to completion with minimal oversight in a fast-paced, deadline-driven environment; strong attention to detail with the ability to handle sensitive information with discretion and tact.

Responsibilities

  • Lead complex internal and external audits, coordinating cross-functional participation and ensuring timely, accurate evidence delivery; serve as a subject matter expert on one or more compliance frameworks including SOC 2, ISO 27001, HIPAA, FedRAMP, and PCI.
  • Design and execute control testing plans, evaluating control effectiveness and documenting observations or gaps; drive remediation workflows by partnering with system owners to define action plans and confirm closure.
  • Develop and maintain compliance documentation including system security plans, control narratives, and audit-ready evidence libraries; prepare and maintain comprehensive records of compliance activities including risk assessments, audit reports, and regulatory filings.
  • Support harmonization of control frameworks by mapping controls and evidence across multiple regulations and standards; identify process and control improvement opportunities, recommending updates that enhance efficiency and reduce audit friction.
  • Project manage compliance audits including evidence collection and gap analysis; mentor junior analysts in audit readiness, evidence preparation, and control testing methodologies.
  • Mentor, coach, train, and provide feedback to other team members; may provide feedback to leadership on the technical abilities of the team.

Benefits

  • career development resources
  • wellbeing programs
  • innovation practices