Senior GRC Analyst

This is a fully remote position, open to applicants in Texas.

📋 Description

• Oversee evaluations and audits of security and IT control environments.

• Develop, implement, and enhance cybersecurity and compliance initiatives.

• Create risk registers, perform risk assessments, and monitor remediation activities.

• Formulate and improve policies, standards, and procedures in alignment with leading frameworks such as SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, CMMC, and others.

• Prepare clients for internal audits and external evaluations.

• Convert technical, regulatory, and business requirements into clear, actionable outcomes for client stakeholders.

• Convey findings, manage client feedback, and drive results even in the face of stakeholder resistance.

• Mentor junior analysts and contribute to the advancement of our GRC practice.

• Engage in peer review of deliverables prior to client submission.

⛳️ Requirements

• Permanent authorization to work in the U.S. -- no sponsorship available now or in the future.

• Ability to pass a background check.

• Hands-on experience in GRC with a proven history of owning deliverables, creating frameworks-based documentation, and leading remediation efforts -- rather than merely supporting programs from within.

• Extensive knowledge of compliance standards such as SOC 2, ISO 27001, NIST CSF, HIPAA, and HITRUST.

• Experience in communicating findings and recommendations directly to clients or senior internal stakeholders.

• Exceptional writing skills -- your deliverables are clear, refined, and do not require extensive editing before being presented to a client.

• Strong critical thinking and professional judgment.

• A high degree of accountability and ownership.

• Ability to work independently in a fully remote setting with minimal supervision.

• A natural inclination toward effective communication.

🏝️ Benefits

• Active certifications such as CISA, CISM, CISSP, or CRISC are highly preferred.

• Access to reliable high-speed internet and a secure, private remote workspace.