GRC Analyst

Job Summary:

We’re looking for a detail-driven Governance, Risk & Compliance (GRC) Analyst to help strengthen our security posture, streamline compliance efforts, and support enterprise risk management. The ideal candidate has hands-on experience with modern security tools, cloud platforms, and GRC systems, and thrives in a fast-paced environment where structure and security really matter.

Key Responsibilities:

Governance & Compliance

• Support the development, implementation, and maintenance of information security policies, standards, and procedures.
• Assist with compliance initiatives such as ISO 27001, SOC 2, GDPR, PCI, or internal audit requirements.
• Coordinate evidence collection, audit readiness activities, and remediation tracking.
• Conduct policy reviews, risk assessments, and control testing on a recurring basis.

Risk Management

• Identify, assess, and monitor technology and business risks using platforms like ZenGRC and RSA Archer.
• Track mitigation plans, document risk exceptions, and support risk governance meetings.
• Assist in performing third-party/vendor risk assessments and monitoring controls over time.

Security Operations & Technology Support

• Monitor and interpret alerts, reports, and dashboards from tools including:
• Microsoft Azure (Security Center, Entra ID, Defender)
• Office 365 Security & Compliance Center
• CrowdStrike Falcon
• Mimecast (email security & threat intelligence)
• KnowBe4 (phishing simulations & awareness training)
• Partner with IT/security teams to follow up on incidents, analyze trends, and validate control effectiveness.

Security Awareness & Training

• Manage security awareness programs and phishing simulation campaigns using KnowBe4.
• Provide reporting and insights to improve user behavior and reduce organizational risk.

Documentation & Reporting

• Maintain accurate documentation of risks, controls, incidents, and assessments.
• Generate reports for leadership on compliance status, residual risk, control gaps, and overall security posture.
• Support continuous improvement of GRC workflows and automation using ZenGRC or Archer.

Required Skills & Qualifications

• Bachelor’s degree in Information Security, Computer Science, or a related discipline (or equivalent experience).
• 2–5 years of experience in GRC, cybersecurity, audit, or IT risk management.
• Working knowledge of:
• Azure security features and O365 security/compliance tools
• CrowdStrike Falcon endpoint protection
• Mimecast email security
• KnowBe4 security awareness platform
• ZenGRC and/or RSA Archer
• Understanding of common security frameworks (NIST CSF, ISO 27001, CIS Controls).
• Strong communication and documentation skills.
• Ability to analyze data, identify patterns, and recommend actionable improvements.