Senior Governance, Risk, and Compliance (GRC) Analyst

About The Position

Requirements

• 3–5+ years of GRC, audit, or security compliance experience
• Strong knowledge of risk assessment and security control frameworks
• Ability to communicate technical and regulatory content clearly and concisely
• Familiarity with security and compliance in cloud environments (Azure, AWS, OpenShift)
• Demonstrated success supporting audits and policy implementation
• Highly organized and attentive to detail
• Experience in the pension, financial, insurance, or banking sectors.
• Comfortable working across teams to implement governance and compliance strategies
• Proactive in identifying risks and driving remediation
• Committed to continuous improvement and professional development
• Bachelor’s degree in Information Security, Information Systems, Risk Management, or a related field, or an equivalent combination of education and experience.
• 3–5+ years of experience in information security, compliance, IT audit, or risk management roles.
• Solid understanding of GRC concepts, risk management methodologies, and regulatory frameworks (e.g., NIST, ISO 27001, SOC 2, HIPAA, GDPR).
• Experience supporting or managing internal and external audits, risk assessments, and vendor due diligence processes.
• Familiarity with cloud security governance practices in Azure, AWS, or OpenShift environments.
• Strong organizational, analytical, and problem-solving skills; attention to detail and ability to manage multiple tasks simultaneously.
• Excellent verbal and written communication skills; ability to document processes and translate complex requirements for diverse audiences.
• Proficiency with GRC platforms or tools (e.g., ServiceNow GRC, Archer, OneTrust, LogicGate) is a plus.
• Experience working in regulated industries or handling sensitive data preferred.

Nice To Haves

• Holds or is pursuing relevant certifications (e.g., CISA, CRISC, CISSP)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP) (with GRC/governance domain)
• Microsoft Certified: Azure Security Engineer Associate
• AWS Certified Security – Specialty
• Red Hat Certified Specialist in OpenShift Security

Responsibilities

• Support the design, implementation, and continuous improvement of the organization’s GRC (Governance, Risk, and Compliance) program.
• Assist in maintaining compliance with internal security policies and external regulatory frameworks (e.g., HIPAA, GDPR, CCPA, ISO 27001, SOC 2, NIST CSF, NIST 800-53).
• Collaborate with technical and business teams to implement and document effective security controls, especially in cloud and hybrid environments (Azure, AWS, OpenShift).
• Coordinate and support internal and external audits; track findings, manage responses, and drive remediation efforts.
• Conduct and document security risk assessments, business impact analyses, and third-party/vendor risk assessments.
• Maintain the information security policy framework; assist with policy drafting, review, and lifecycle management.
• Develop metrics and reporting to track compliance status, control effectiveness, and risk exposure across the organization.
• Assist with data governance and privacy program activities, including data classification, impact assessments, and compliance monitoring.
• Manage GRC tools and repositories, including risk registers, control libraries, and audit logs.
• Provide input on the security implications of new projects, vendors, and technologies.
• Help build a culture of security awareness by contributing to training, internal communications, and staff education efforts.
• Perform other duties as assigned.

Benefits

• PERA invests in our employees’ growth through training and leadership opportunities.
• To promote wellbeing, we offer hybrid or flexible working options for most roles and a total rewards and benefit program including health, dental and vision coverage - eligibility starts the first day of the month following the date of hire for most plans; generous paid time off and volunteer hours; pension and retirement plans, including PERA’s defined benefit plan, 457 defined contribution plan, and 401(k) employer match, as applicable; tuition assistance; free, convenient on-site parking or RTD subsidy; free on-site fitness center to stay active; employee assistance program; training, leadership and mentoring programs and more.
• PERA is a Public Service Loan Forgiveness qualifying employer.