Senior GRC Analyst

Sargent & Lundy-posted 2 days ago
$100,010 - $144,190/Yr
Full-time • Mid Level
Hybrid • Chicago, IL
5,001-10,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

Sargent & Lundy is a leading consulting engineering firm specializing in the power and energy sectors. Since 1891, we have provided comprehensive engineering, design, and consulting services for both traditional and renewable power generation, grid modernization, nuclear power, and beyond. Our mission is to help clients achieve their energy goals effectively by leveraging advanced technologies and adopting sustainable practices. Role Overview Sargent & Lundy is seeking a proactive, data-driven, and detail-oriented Senior GRC Analyst to lead key pillars of Governance, Risk, and Compliance (GRC) with a primary emphasis on enterprise Information Security, TPRM, contract governance, and cross-functional coordination with Legal and Procurement. You will own cyber training, communications, and phishing simulations, and drive measurable outcomes through strong data analysis and dashboard reporting (KPIs/KRIs). You will support audit readiness and regulatory alignment across frameworks such as ISO 27001, SOC 2, NIST CSF /171 , and CMMC. You will also guide privacy-aligned practices (e.g., GDPR) and lead effective policy implementation through clear procedures, controls, and adoption plans.

  • Lead and mature the Third-Party Risk Management (TPRM) program: Develop & manage vendors inventory, conduct risk reviews of third-party vendors, define tiering/scoping, evaluate controls, track obligations/findings through closure, and standardize evidence retention in collaboration with Legal and Procurement.
  • Drive strong contract management with Legal and Procurement: S tandardize security and privacy clauses, review S&L client contracts, negotiate requirements, and ensure obligations are tracked, owned, and reported.
  • Own the security awareness & training program end-to-end: D evelop curriculum, coordinate communications, execute phishing simulations, analyze outcomes, and improve effectiveness using KPI/KRI dashboards and trend reporting.
  • Administer and optimize GRC platforms and workflows (e.g., Hyperproof ) to maintain visibility into risks, assessments, findings, and audit deliverables; establish SLAs and performance indicators.
  • Develop risk management & risk assessment practice, c onduct risk assessments , develop and manage risk register with clear tracking of risks and accountability.
  • Advance security governance by drafting, maintaining , and operationalizing policies, standards, procedures, and roles & responsibilities; lead change management and communications to ensure policy implementation and adoption.
  • Coordinate evidence and execute control readiness for ISO 27001, SOC 2, NIST CSF, CMMC (gap analysis, control testing, POA&Ms), and support automation that reduces workload .
  • Support privacy-aligned practices (e.g., GDPR): contribute to data classification/handling standards, data mapping/records of processing, privacy-by-design reviews, incident/breach alignment, and retention practices.
  • Oversee governance for Business Continuity and Disaster Recovery and Backup & Recovery in partnership with IT (plan maintenance, exercises, lessons learned, reporting).
  • Lead cross-functional coordination with IT, HR, Finance, Legal, and business teams to embed compliance into operations and accelerate remediation of findings.
  • Manage security tasks/projects and report progress via standardized dashboards, scorecards, and executive-ready narratives, highlighting risk, performance, and trends.
  • Define, publish, and automate metrics & management reporting (KPIs/KRIs) for training effectiveness, phishing trends, vendor risk, audit readiness, privacy/policy adoption, and control performance.
  • Continuously upgrade information security skills, c ontribute to Information Security team skill development with playbooks, enablement sessions, and knowledge-sharing.
  • Support government contract compliance reviews and tracking, ensuring obligations are documented, monitored , and evidenced .
  • Bachelor’s degree in computer science, information systems, or related field; or equivalent professional experience.
  • 5+ years in GRC or related domains, including leadership/ownership of programs or workstreams.
  • Strong understanding of ISO 27001, SOC 2, NIST CSF; experience with CMMC readiness.
  • Practical knowledge of privacy and GDPR with the ability to implement policy via procedures, controls, communications, and training.
  • Proven expertise in risk management, compliance operations, policy/standards, vendor risk, resilience, security training/awareness, and audit readiness.
  • Advanced data analysis skills with the ability to design and maintain KPI/KRI dashboards, translate data into insights, and present executive-ready reporting.
  • Familiarity with security technologies across on-prem and cloud environments; strong problem-solving and systems thinking.
  • Deep Knowledge of Governance & Privacy Policy lifecycle management and control mapping; demonstrated ability to translate policy into procedures/controls and drive organization-wide policy implementation and adoption.
  • Privacy principles and GDPR-aligned practices (e.g., data classification/handling, data mapping/records of processing, privacy by design, incident/breach communications aligned to policy).
  • Compliance standards and frameworks (ISO 27001, NIST CSF, SOC 2, CMMC).
  • Third-party risk, software intake governance, audit readiness, and evidence management.
  • Security & TPRM Tools - TPRM platforms: ProcessUnity (Vendor Risk, Contract/Obligations, Issues/Findings tracking).
  • TPRM intelligence/workflow: OneTrust , BitSight (as applicable).
  • GRC/risk registers: Hyperproof (risk, controls, evidence, audits).
  • Data analytics and reporting: Power BI and Excel ( for KPI/KRI dashboards and executive reporting).
  • Business Continuity and Disaster Recovery Process Oversight.
  • Backup & Recovery Process Oversight.
  • Mentoring, cross functional team colla boration and executive reporting
  • Professional certifications (e.g., CISSP, CISM, CRISC) are advantageous .
  • Health Plans: Medical, Dental, Vision
  • Life & Accident Insurance
  • Disability Coverage
  • Employee Assistance Program (EAP)
  • Back-Up Daycare
  • FSA & HSA
  • 401(k)
  • Pre-Tax Commuter Account
  • Merit Scholarship Program
  • Employee Discount Program
  • Corporate Charitable Giving Program
  • Tuition Assistance
  • First Professional Licensure Bonus
  • Employee Referral Bonus
  • Paid Annual Personal/Sick Time (PST)
  • Paid Vacation
  • Paid Holidays
  • Paid Parental Leave
  • Paid Bereavement Leave
  • Flexible Work Arrangements
Track Jobs with Teal

Job Search Resources

Resume Builder
Senior KYC Analyst Resume Examples
Senior KYC Analyst Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service