GRC Analyst

Title: GRC Analyst

Location: Portland, OR Onsite role

Duration: Full Time/Permanent

Job description:

We are seeking a detail-oriented and technically proficient Principal GRC Analyst to join our Information Security team, with a focus on validating and testing security controls across the enterprise. This role will serve as the most senior member of a small team focused on validating the effectiveness of information security controls. It is ideal for professionals with 8 or more years of experience in GRC, IT audit, or cybersecurity operations who have supervised IT control testing teams and are passionate about driving continuous improvement.

• Plan, lead, and execute control validation and testing activities across various domains (e.g., access management, vulnerability management, incident response, data protection).
• Mentor junior analysts, providing guidance on control validation methodologies and best practices while fostering a culture of accountability
• Provide subject matter expertise regarding information security control validation and compliance frameworks to the CDT organization and its business partners
• Document control issues and collaborate with stakeholders to develop remediation recommendations
• Develop and enhance control testing methodologies, procedures, and reporting mechanisms
• Prepare risk reports and dashboards for management and governance committees.

• Influence the evolution of the GRC program through maturing tools, automation, processes, and metrics, and processes.

• Experienced and Passionate: You are a seasoned security professional with a passion for governance, risk, and compliance
• Methodical and Pragmatic: You approach control testing with precision and can identify pragmatic solutions to addressing risks
• Self-Motivated and Curious: You are driven to understand the "why", you thoughtfully investigate complex issues and ask probing questions
• Leadership-Oriented: You demonstrate initiative and are experienced in mentoring and developing others
• Relationship Driven: You build rapport and support your team and colleagues across functions
• Influential Communicator: Whether in writing or verbally, you can effectively explain technical concepts and risks to colleagues and management without excessive jargon.

• Bachelor’s degree in a technical field such as cybersecurity or business information systems
• Security certifications such as CISSP, CISA, CRISC, Sec , or CC preferred.
• Minimum 8 years’ experience in GRC, IT audit, or information security within mid-size to large corporate environment
• Proven expertise in cybersecurity frameworks such as NIST CSF or ISO 27001
• Hands-on experience in leading IT audits, risk assessments, or compliance programs