GRC Analyst

Posted Today by Digital Minds Global Technologies Inc.

Negotiable
Undetermined
Remote

Summary: The GRC Analyst role focuses on enhancing the Governance, Risk, and Compliance program by conducting risk assessments, supporting audits, and collaborating with various stakeholders. The ideal candidate will possess a strong background in compliance frameworks and security policies, ensuring adherence to regulatory standards. This position is remote and requires a detail-oriented individual with experience in risk management and compliance. The role also involves continuous improvement of GRC processes and controls.

Key Responsibilities:

  • Assist in the development, implementation, and maintenance of Governance, Risk, and Compliance (GRC) programs.
  • Conduct risk assessments and identify security, operational, and compliance risks.
  • Support internal and external audits by gathering evidence and coordinating audit activities.
  • Develop, review, and maintain security policies, standards, procedures, and documentation.
  • Monitor compliance with regulatory requirements and industry frameworks.
  • Perform third-party/vendor risk assessments and monitor remediation activities.
  • Track and manage compliance findings, risks, and corrective action plans.
  • Collaborate with cross-functional teams to implement security and compliance controls.
  • Assist with security awareness and compliance training initiatives.
  • Prepare dashboards, reports, and metrics for management and stakeholders.
  • Support continuous improvement of GRC processes and controls.

Key Skills:

  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
  • 3+ years of experience in Governance, Risk & Compliance (GRC), Information Security, IT Audit, or Cybersecurity.
  • Strong understanding of risk management principles and compliance programs.
  • Experience with GRC platforms such as Archer, ServiceNow GRC, OneTrust, AuditBoard, or MetricStream.
  • Knowledge of security frameworks and standards including NIST CSF, ISO 27001, SOC 2, PCI DSS, HIPAA, SOX, GDPR, and CIS Controls.
  • Familiarity with security policies, controls, and regulatory requirements.
  • Excellent analytical, documentation, and communication skills.
  • Ability to work independently in a remote environment.

Salary (Rate): £45 yearly

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: Other

Detailed Description From Employer:

GRC (Governance, Risk & Compliance) Analyst

Location: Remote (USA)
Job Type: Contract

Job Summary

We are seeking a detail-oriented GRC Analyst to support and enhance our Governance, Risk, and Compliance program. The ideal candidate will have experience in risk assessments, compliance frameworks, security policies, audits, and third-party risk management. This role requires close collaboration with IT, Security, Legal, and business stakeholders to ensure compliance with regulatory and industry standards.

Key Responsibilities

  • Assist in the development, implementation, and maintenance of Governance, Risk, and Compliance (GRC) programs.

  • Conduct risk assessments and identify security, operational, and compliance risks.

  • Support internal and external audits by gathering evidence and coordinating audit activities.

  • Develop, review, and maintain security policies, standards, procedures, and documentation.

  • Monitor compliance with regulatory requirements and industry frameworks.

  • Perform third-party/vendor risk assessments and monitor remediation activities.

  • Track and manage compliance findings, risks, and corrective action plans.

  • Collaborate with cross-functional teams to implement security and compliance controls.

  • Assist with security awareness and compliance training initiatives.

  • Prepare dashboards, reports, and metrics for management and stakeholders.

  • Support continuous improvement of GRC processes and controls.

Required Qualifications

  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.

  • 3+ years of experience in Governance, Risk & Compliance (GRC), Information Security, IT Audit, or Cybersecurity.

  • Strong understanding of risk management principles and compliance programs.

  • Experience with GRC platforms such as Archer, ServiceNow GRC, OneTrust, AuditBoard, or MetricStream.

  • Knowledge of security frameworks and standards including:

    • NIST CSF

    • ISO 27001

    • SOC 2

    • PCI DSS

    • HIPAA

    • SOX

    • GDPR

    • CIS Controls

  • Familiarity with security policies, controls, and regulatory requirements.

  • Excellent analytical, documentation, and communication skills.

  • Ability to work independently in a remote environment.

Preferred Qualifications

  • Professional certifications such as:

    • Certified Information Systems Security Professional (CISSP)

    • Certified Information Security Manager (CISM)

    • Certified in Risk and Information Systems Control (CRISC)

    • Certified Information Systems Auditor (CISA)

    • ISO 27001 Lead Implementer or Lead Auditor

  • Experience supporting cloud security compliance (Azure, AWS, or Google Cloud).

  • Knowledge of vulnerability management and security assessment processes.

Technical Skills

  • Risk Assessment & Risk Register Management

  • Compliance Monitoring

  • Internal & External Audit Support

  • Third-Party Risk Management (TPRM)

  • Policy & Procedure Development

  • Security Control Assessments

  • Incident & Exception Management

  • Vendor Risk Reviews

  • Microsoft Excel, Power BI, and Microsoft Office Suite

  • ServiceNow GRC, Archer, OneTrust, MetricStream, AuditBoard (preferred)

Nice to Have

  • Experience in financial services, healthcare, government, or other regulated industries.

  • Familiarity with cloud compliance frameworks and Zero Trust principles.

  • Experience with AI governance or emerging technology risk assessments.

This sample job description can be tailored for junior, mid-level, or senior GRC Analyst roles depending on your hiring needs.