Job Description
We are seeking a detail-oriented and analytical GRC Analyst to support an organization's governance, risk management, and compliance initiatives. The ideal candidate will play a key role in identifying, assessing, and mitigating risks while ensuring compliance with internal policies, industry standards, and regulatory requirements.
Responsibilities:
Governance & Policy Management
- Assist in the development, implementation, and maintenance of GRC policies, procedures, and frameworks.
- Support internal audits and policy reviews to ensure alignment with best practices and regulatory standards.
Risk Management
- Identify, assess, and monitor operational, financial, and IT risks.
- Maintain risk registers and support risk mitigation planning and execution.
- Conduct risk assessments for new projects, vendors, and technologies.
Compliance Monitoring
- Ensure compliance with relevant laws, regulations, and standards (e.g., SOX, GDPR, CMMC, ISO 27001).
- Coordinate with internal teams to track and remediate compliance issues.
- Prepare documentation and reports for audits and regulatory reviews.
Reporting & Analysis
- Generate regular reports and dashboards on risk and compliance metrics.
- Analyze trends and provide insights to improve risk posture and compliance maturity.
Training & Awareness
- Support the development and delivery of GRC-related training and awareness programs.
- Promote a culture of risk awareness and compliance across the organization.
Qualifications:
- 2–4 years of experience in GRC, risk management, compliance, or audit.
- Familiarity with GRC tools.
- Knowledge of regulatory frameworks and standards (e.g., NIST, ISO, SOC 2).
- Strong analytical, organizational, and communication skills.
- Ability to work independently and collaboratively in a fast-paced environment.
Preferred Certifications:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- ISO 27001 Lead Implementer or Auditor