Senior GRC Analyst

About The Position

Requirements

• Bachelor's Degree in Information Technology or Cybersecurity or other related degree.
• Relevant certifications (e.g. CISA, CRISC, CISM, or equivalent) preferred.
• Strong understanding of cybersecurity governance, risk management, and compliance concepts.
• Working knowledge of common security and compliance frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, SOC 2, CMMC).
• Experience performing security risk assessments and documenting risks, controls, and remediation plans.
• Ability to interpret technical security controls and map them to compliance and regulatory requirements.
• Experience supporting audits, assessments, or client security questionnaires.
• Familiarity with third-party risk management and vendor security review processes.
• Strong analytical skills with the ability to assess risk, identify gaps, and recommend practical improvements.

Responsibilities

• Manage the development, maintenance, and continuous improvement of the firm’s cybersecurity governance, risk, and compliance (GRC) program.
• Maintain and operationalize security policies, standards, procedures, and control frameworks aligned to industry standards (e.g., NIST CSF, NIST 800-53, ISO 27001, SOC 2, CMMC).
• Perform security risk assessments, including technology, vendor, and business process risk, and document findings, risk ratings, and recommended mitigations.
• Track identified risks, exceptions, and remediation activities through a centralized risk register and support risk acceptance workflows.
• Drive and support internal and external audits, client risk assessments, and due diligence requests (e.g., SOC reports, questionnaires, client security reviews).
• Partner with IT and Security teams to map technical controls to compliance requirements and validate control effectiveness.
• Manage and assist with third-party risk management activities, including vendor security reviews and ongoing risk monitoring.
• Contribute to incident governance activities, including post-incident reviews, risk tracking, and lessons learned documentation.
• Oversee and support compliance tooling and evidence collection (e.g., GRC platforms, audit management tools).
• Help define metrics and reporting related to risk posture, compliance status, and control maturity for leadership.
• Stay current on relevant regulatory, legal, and cybersecurity requirements impacting the firm and communicating changes to stakeholders.
• Collaborate cross-functionally to promote security awareness, risk-informed decision making, and consistent governance practices.
• Drive and support special projects related to SOC maturity, control improvements, M&A integration, and new technology risk assessments.

Benefits

• Cherry Bekaert cares about our people.
• We offer competitive compensation packages based on performance that recognize the value our people bring to our clients and our Firm.
• The salary range for this position is included below.
• Individual salaries within this range are determined by a variety of factors including but not limited to the role, function and associated responsibilities, a candidate’s work experience, education, knowledge, skills, and geographic location.
• In addition, we offer a comprehensive, high-quality benefits program which includes annual bonus, medical, dental, and vision care; disability and life insurance; generous Paid Time Off; retirement plans; Paid Care Leave; and other programs that are dedicated to enhancing your personal and work life and providing you and your family with a measure of financial protection.