Information Security GRC Analyst

• Assist in the development, implementation, and assessment of information security policies, standards, and procedures aligned to industry frameworks and regulatory compliance (HIPAA, SEC, FTC, NIST CSF, ISO 27001, SOC 2, CMMC, etc.) 
• Assist with risk assessments, gap analyses, and control evaluations across multiple client engagements simultaneously across various industries 
• Participate in the development of risk registers, risk treatment plans, and remediation roadmaps 
• Assist with third-party/vendor risk assessments and due diligence activities 
• Document findings, prepare client-facing reports, and contribute to presentations and deliverables 
• Support audit readiness activities and facilitate evidence collection for audits and assessments 
• Stay current on emerging threats, regulatory changes, and evolving GRC best practices 
• Collaborate with GRC consultants and vCISOs to deliver engagements on time and within scope 
• Support the configuration, data entry, and maintenance of GRC tooling and platforms used to manage client compliance programs  
• Other responsibilities as assigned by management.

• 1–2 years of experience in GRC, cybersecurity, IT audit, or a related discipline 
• Foundational knowledge of security frameworks such as NIST CSF, ISO 27001, or CIS Controls 
• Strong written and verbal communication skills, with the ability to convey technical concepts to non-technical audiences 
• Ability to manage multiple tasks and deadlines in a fast-paced, client-driven environment 
• Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint) 
• Strong analytical skills and attention to detail
• Strong problem‑solving and critical‑thinking abilities. 
• Ability to manage multiple engagements and deadlines. 
• Collaborative, customer‑centric mindset. 
• High integrity and commitment to confidentiality.

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Business, or a related field 
• Relevant certifications or progress toward: CompTIA Security+, CISA, CRISC, or GRC Professional 
• Familiarity with GRC platforms such as Apptega, StandardFusion, or ControlMap 
• Experience with cloud environments (AWS, Azure, GCP) and associated compliance considerations 
• Experience with security awareness training platforms (KnowBe4, InfoSec IQ) 

Starting Compensation Range: $65,000 per year

The salary for this position is commensurate with experience, skills, and qualifications. The range is intended to reflect our commitment to attracting top talent, and the final offer will be based on factors including, but not limited to, the candidate's previous experience, expertise in the field, relevant certifications, and the specific requirements of the role. In addition, internal equity, market trends, and geographic location may also influence the final salary.

• Committed to Client Success: Our actions and our words always align with the best interest of the client.

• One Team: We work collaboratively to overcome challenges with humility and respect and do what it takes to find innovative solutions.

• Integrity: We are unquestionably committed to doing the right thing even when it is hard.

• Accountability: We hold ourselves and each other accountable for keeping our commitments to our clients, our communities, and one another.

• Transparency: We create open lines of communication with each other and our clients, fostering relationships founded on candor and trust.

Powered by JazzHR