
Information Security GRC Analyst
Posted May 6

• Assist in the creation, implementation, and evaluation of information security policies, standards, and procedures that align with industry frameworks and regulatory requirements (HIPAA, SEC, FTC, NIST CSF, ISO 27001, SOC 2, CMMC, etc.)
• Support risk assessments, gap analyses, and control evaluations across various client engagements and industries simultaneously.
• Engage in the development of risk registers, risk treatment plans, and remediation roadmaps.
• Aid in conducting third-party/vendor risk assessments and due diligence activities.
• Document findings, create client-facing reports, and contribute to presentations and deliverables.
• Assist in audit readiness activities and facilitate the collection of evidence for audits and assessments.
• Stay updated on emerging threats, regulatory changes, and evolving best practices in Governance, Risk, and Compliance (GRC).
• Collaborate with GRC consultants and virtual Chief Information Security Officers (vCISOs) to ensure timely and within-scope delivery of engagements.
• Support the configuration, data entry, and maintenance of GRC tools and platforms utilized for managing client compliance programs.
• Carry out other responsibilities as assigned by management.
• 1–2 years of experience in Governance, Risk, and Compliance (GRC), cybersecurity, IT audit, or a related field.
• Foundational knowledge of security frameworks such as NIST CSF, ISO 27001, or CIS Controls.
• Excellent written and verbal communication skills, with the capacity to explain technical concepts to non-technical audiences.
• Ability to handle multiple tasks and meet deadlines in a fast-paced, client-focused environment.
• Proficient in Microsoft Office Suite (Word, Excel, PowerPoint).
• Strong analytical abilities and attention to detail.
• Excellent problem-solving and critical thinking skills.
• A collaborative and customer-centric approach.
• High integrity and a commitment to maintaining confidentiality.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Business, or a related field (preferred).
• Relevant certifications or progress toward certifications such as CompTIA Security+, CISA, CRISC, or GRC Professional (preferred).
• Familiarity with GRC platforms like Apptega, StandardFusion, or ControlMap (preferred).
• Experience with cloud environments (AWS, Azure, GCP) and relevant compliance considerations (preferred).
• Experience with security awareness training platforms (KnowBe4, InfoSec IQ) (preferred).
• Health insurance
• Flexible work arrangements
• Professional development opportunities