What are the responsibilities and job description for the GOVERNANCE, RISK, AND COMPLIANCE ANALYST position at Access Data Consulting Corporation?
Job Title: Governance, Risk, and Compliance Analyst (GRC)
Location: Phoenix - Hybrid (within a one-hour commute)
Due to Government restrictions, this position is open only to US citizens and Green Card Holders. No C2C or third parties will be considered.
Our client is an organization dedicated to protecting enterprise data and modernizing digital systems. We are seeking a Governance, Risk, and Compliance Analyst to join their security team. In this role, you will bridge the gap between technical infrastructure and regulatory frameworks, ensuring digital services remain secure and fully compliant.
Here’s What You’ll Be Doing
- Evaluating and analyzing technology environments across Windows and Unix platforms to perform risk assessments, control reviews, and compliance audits.
- Designing and mapping data models, operational data flows, and detailed system activity diagrams to track enterprise information dependencies.
- Formulating and documenting comprehensive audit findings, remediation strategies, and structured Plans of Action and Milestones (POA&Ms) in alignment with regulatory standards.
- Partnering and communicating with cross-functional business units and technical project managers to translate security requirements into scalable operational workflows and user adoption materials.
- Researching and updating institutional information security plans, internal control policies, and system authorization strategies to proactively mitigate compliance risks.
- Framework mastery utilizing NIST 800-53 (Revision 5) to build, assess, and audit institutional risk management structures.
- Proven background in the Risk Management Framework (RMF), specifically guiding complex information systems through formal security control selection, verification, and approval cycles.
- Strong multi-platform technical literacy, including practical experience auditing or navigating Windows and Unix operating environments, databases, or network architectures.
- Excellent communication skills, with a track record of translating cybersecurity regulations (such as HIPAA, CJIS, or similar frameworks) into quality documentation for senior leadership.
- Preferred: Active security certifications (such as CISSP, CCSP, CAP, GSNA, or GSTRT) and previous exposure to technical project management methodologies.