GRC Analyst

We’re looking for problem solvers, innovators, and collaborators who are passionate about strengthening governance, risk, and compliance practices. Like us, you are someone who values continuous learning, teamwork, and process improvement while helping organizations maintain strong security and compliance foundations. You value inclusivity and want to work in an environment that encourages growth, collaboration, and accountability. 

Position Overview 

We are seeking a Governance-focused GRC (Governance, Risk, and Compliance) Analyst to support the organization’s information security governance and compliance initiatives. This role will focus on governance processes, policy management, compliance coordination, risk assessments, governance documentation, and cross-functional collaboration. 

The ideal candidate will assist in maintaining security policies and standards, support governance and compliance reviews, contribute to audit readiness activities, and help improve governance processes aligned with organizational and regulatory requirements. 

This role requires strong communication, analytical, and documentation skills with the ability to communicate security and compliance requirements in a clear and business-focused manner. 

Key Responsibilities 

Governance & Compliance 

• Assist in the development, review, and maintenance of information security policies, standards, procedures, and governance of documentation. 

• Support governance and compliance initiatives aligned with frameworks such as NIST CSF, ISO 27001, and SOC 2. 

• Coordinate policy reviews and maintain governance of documentation and evidence of repositories. 

• Contribute to governance awareness and compliance communication activities across teams. 

• Support audit readiness activities including documentation review, evidence collection, and remediation tracking. 

Risk Management 

• Conduct routine risk assessments and support third-party/vendor risk review activities. 

• Identify control gaps, document findings, and recommend mitigation actions. 

• Assist in maintaining risk registers and remediation tracking activities. 

• Support continuous improvement initiatives related to governance and compliance processes. 

• Monitor regulatory changes and emerging governance best practices. 

Collaboration & Communication 

• Collaborate with Security, IT, Legal, Privacy, and business teams to support governance and compliance initiatives. 

• Communicate governance updates, compliance findings, and risks to technical and non-technical stakeholders. 

• Escalate identified compliance or governance concerns through appropriate reporting channels. 

• Support coordination between teams to ensure timely completion of audit and remediation activities. 

• Utilize GRC platforms and automation tools to support governance and compliance workflows. 

Required Qualifications 

• Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, Risk Management, or related field. 

• 2+ years of experience in Governance, Risk & Compliance (GRC), compliance, audit support, information security governance, or related areas. 

• Basic understanding of security and compliance frameworks such as PCI, HIPAA, ISO 27001, SOC 2, and GDPR. 

• Experience supporting policy management, governance documentation, audit activities, or risk assessment processes. 

• Familiarity with third-party/vendor risk management concepts. 

• Strong written and verbal communication skills are important. 

• Good analytical, organizational, and documentation skills. 

• Ability to work collaboratively in a fast-paced environment and manage multiple priorities. 

Preferred Qualifications 

• Experience with GRC tools or compliance management platforms. 

• Familiarity with governance reporting, remediation tracking, or compliance workflows. 

• Exposure to customer security questionnaires or due diligence requests is an advantage. 

• Knowledge of privacy regulations such as GDPR, CCPA, or PDPA is a plus. 

• Professional certifications such as CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or related certifications are preferred but not mandatory.