Senior GRC Analyst

About The Position

Requirements

• Bachelor's degree and 6+ years of relevant experience, or 10+ years of IT, cybersecurity, compliance, or governance experience in lieu of a degree.
• Experience advising clients or internal stakeholders on security governance, compliance readiness, and risk management.
• Working knowledge of compliance and security frameworks such as NIST, CIS Controls, SOC 2, ISO 27001, HIPAA, and/or CMMC.
• Minimum 2 years of experience with Microsoft Purview, including data governance, sensitivity labeling, information protection, or related Microsoft 365 compliance capabilities.
• SC-401 passed within three months of hire or previously attained. Endsight will pay for training and exams if not previously completed.
• CCP certification within six months of hire or previously attained. Endsight will pay for training and exams if not previously completed.
• Strong technical writing skills, including the ability to create policies, security program documentation, status reports, and executive/client-facing communications.
• Excellent communication, organization, collaboration, and follow-through.
• Ability to manage competing demands across clients, internal teams, and leadership priorities.
• Strong attention to detail.
• Ability to work independently in a remote environment.
• Self-motivated, proactive, and comfortable moving work forward without constant direction.
• U.S. citizenship.

Nice To Haves

• Current CCP and Microsoft SC-401 certification.
• CISA, CISM, CISSP, or similar governance, risk, compliance, or security certification.
• Experience in an MSP, MSSP, consulting, or client-facing security services environment.
• Experience supporting clients through CMMC, ISO 27001, HIPAA, SOC 2, or other regulated compliance efforts.
• Familiarity with security QBRs, client roadmaps, compliance reporting, and executive-level risk communication.
• Ability to turn complex requirements into practical plans, visuals, summaries, and client-ready explanations.
• Strong analytical and problem-solving skills.
• Genuine curiosity for cybersecurity, governance, and continuous improvement.

Responsibilities

• Serve as the primary compliance and governance contact for assigned MSP and MSSP clients.
• Guide clients through compliance readiness efforts, including planning, documentation, policy development, evidence preparation, and auditor-facing coordination.
• Own the onboarding and ongoing service experience for compliance-focused MSSP clients.
• Prepare and deliver compliance-focused security QBRs, cadence calls, and client status updates.
• Write, update, and maintain Written Information Security Programs, security policies, governance documentation, and related client-facing materials.
• Help scope, coordinate, and manage compliance and security projects to ensure work is scheduled, communicated, and delivered on time.
• Support Microsoft Purview, data governance, sensitivity labeling, and Bronze/Silver/Gold data classification initiatives for Endsight and its clients.
• Advise internal leaders on compliance, governance, data protection, and risk management needs.
• Coordinate with security analysts, Client Strategy Managers (CSMs), consultants, leadership, and client stakeholders to keep compliance work moving.
• Participate in customized cybersecurity awareness training efforts for clients.
• Support the security team's shared SOC alert and on-call process by assisting with initial triage and communication when needed. This is not a hands-on technical support role.

Benefits

• Medical: Company pays 100% of the base plan for the employee and family
• Dental & Vision
• 401(k) with employer matching
• Accrued Paid Time Off
• 9 Paid Holidays
• Career Pathing