Governance, Risk, and Compliance (GRC) Analyst

Governance, Risk, and Compliance (GRC) Analyst

Location: Phoenix, AZ (Hybrid – local candidates only)

Position Type: Contract (4 months, contract-to-hire)

Start Time: 8:00 AM – 5:00 PM (Day Shift)

Education: Bachelor’s Degree required

Security: Background check & drug screening (HireRight) required

Position Summary

Seeking a Governance, Risk, and Compliance (GRC) Analyst / Information Security Analyst (ISA) to support enterprise security, risk management, compliance, and audit activities.

The role focuses on ensuring IT systems, policies, and processes comply with federal, state, and industry security standards, while supporting audits, risk assessments, and governance reporting.

You will work closely with business units, IT teams, and leadership to gather requirements, assess risks, document findings, and improve security controls across systems.

Key Responsibilities

Risk & Compliance Management

• Conduct risk assessments and security audits
• Identify non-compliance issues and recommend remediation actions
• Develop POA&M (Plan of Action and Milestones) reports
• Track findings and ensure corrective actions are completed
• Investigate suspicious or unusual system/network activity

Audit & Reporting

• Prepare audit documentation and formal findings reports
• Ensure audit outputs meet agency and regulatory standards
• Draft and edit security audit findings and reports
• Maintain compliance documentation accuracy and consistency

Security Governance

• Review and update security policies, risk plans, and audit plans
• Ensure alignment with frameworks such as:
• NIST 800-53 Rev 5
• IRS Pub 1075
• CJIS
• MARS-E
• HITRUST / IPAA standards
• Support Risk Management Framework (RMF) processes

Business & Technical Collaboration

• Work with business units to gather reporting and data requirements
• Develop data flows, system diagrams, and logical/physical models
• Translate business needs into technical security requirements
• Support project managers with requirements gathering and documentation

Documentation & Enablement

• Develop training materials and user adoption documentation
• Maintain key project artifacts and governance records
• Communicate risks, findings, and recommendations to stakeholders
• Support continuous improvement of security processes

Required Skills & Qualifications

Technical & Security Knowledge

• Information Security Risk Management
• Internal auditing and internal controls
• Security frameworks: NIST 800-53 R5, RMF
• Windows and/or Unix system environments
• Basic understanding of databases, networking, and IT systems
• Cybersecurity and privacy compliance knowledge

Regulatory Knowledge

• CJIS compliance
• IRS Pub 1075
• MARS-E standards
• HITRUST / IPAA frameworks

Core Competencies

• Strong analytical and risk assessment skills
• Ability to write detailed audit and compliance reports
• Excellent written and verbal communication
• Ability to work across technical and non-technical teams
• Strong organizational and documentation skills
• Ability to manage multiple priorities in a fast-paced environment

Preferred Qualifications

• Experience in Project Management
• Certifications such as:
• CISSP
• CCSP
• CAP (Certified Authorization Professional)
• GSNA / GSTRT or related security certifications

Additional Requirements

• Must be local to Phoenix, AZ (within 1-hour commute)
• Must be available for in-person interviews
• Must be eligible for contract-to-hire conversion
• No visa sponsorship available
• Must start within 2 weeks of offer