Senior GRC Analyst

This is a fully remote position, open to applicants in Texas.

📋 Description

• Oversee evaluations and audits of security and IT control frameworks.

• Design, execute, and enhance cybersecurity and compliance initiatives.

• Create risk registers, perform risk assessments, and monitor remediation actions.

• Develop and optimize policies, standards, and procedures in accordance with leading frameworks including SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, CMMC, and others.

• Prepare clients for both internal audits and external evaluations.

• Convert technical, regulatory, and business needs into clear, actionable deliverables for client stakeholders.

• Present findings, manage client feedback, and achieve results even when facing stakeholder resistance.

• Guide junior analysts and contribute to the advancement of our GRC practice.

• Engage in peer reviews of deliverables prior to client submission.

⛳️ Requirements

• Permanent authorization to work in the U.S. -- no sponsorship of any kind, now or in the future.

• Capable of passing a background check.

• Practical GRC experience with a proven history of owning deliverables, producing framework-based documentation, and driving remediation -- beyond merely supporting programs internally.

• Extensive knowledge of compliance standards including SOC 2, ISO 27001, NIST CSF, HIPAA, and HITRUST.

• Experience in directly communicating findings and recommendations to clients or senior internal stakeholders.

• Exceptional writing abilities -- your deliverables are clear, polished, and require minimal editing before being sent to a client.

• Strong analytical skills and professional judgment.

• A high degree of accountability and ownership.

• Ability to work independently in a fully remote setting with little oversight.

• A proactive approach to communication.

🏝️ Benefits

• Active certifications such as CISA, CISM, CISSP, or CRISC are highly preferred.

• Access to reliable high-speed internet and a secure, private remote workspace.