Senior Information Analyst, GRC Cybersecurity Frameworks

About The Position

Requirements

• 6+ years of experience in governance, risk, compliance, or cybersecurity risk management roles.
• Practical experience working with recognized cybersecurity frameworks (e.g., NIST, ISO‑aligned programs).
• Demonstrated ability to engage confidently with senior technical and business stakeholders.
• Strong written and verbal communication skills, including experience preparing leadership‑level materials.

Nice To Haves

• Experience supporting enterprise‑scale GRC or security programs in complex organizations.
• Familiarity with enterprise GRC platforms or risk management tooling.
• Relevant professional certifications (e.g., CISM, CRISC, CISSP, CISA) are a plus.

Responsibilities

• Drive the ongoing operation and continuous improvement of the company’s cybersecurity framework program aligned to industry best practices.
• Facilitate assessments, gap analyses, and evidence review activities in partnership with control owners.
• Translate framework requirements into practical, business‑aligned guidance for technical and non‑technical stakeholders.
• Partner with Information Security, IT, and business teams to drive ownership and timely remediation of identified gaps.
• Provide risk‑informed challenge and recommendations during design, implementation, and review of security controls.
• Participate in governance forums to track progress, surface systemic issues, and support informed decision‑making.
• Contribute to executive‑level and senior leadership reporting on cybersecurity risk, control effectiveness, and trends.
• Develop concise materials that communicate security posture in clear, non‑technical language appropriate for leadership audiences.
• Support internal and external review activities by preparing accurate, well‑organized documentation and narratives.
• Maintain risk, issue, and remediation tracking artifacts in alignment with internal governance processes.
• Support the development and implementation of cybersecurity governance processes regarding cybersecurity maturity enhancement, policy and standards, AI risk assessment, data governance, and third party risk management.
• Support audit, assessment, and compliance activities by coordinating evidence collection and response management.
• Assist in the ongoing refinement of GRC processes, templates, and reporting mechanisms.

Benefits

• paid vacation time
• paid sick leave
• medical/dental/vision insurance
• life, accident and disability insurance
• tax-advantaged flexible spending and health savings accounts
• employee assistance program
• other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity
• tuition reimbursement
• transit
• the Applause Program
• employee stock purchase plan
• Sandisk's Savings 401(k) Plan