Cyber GRC Analyst

Salary- $70K/yr - $90K/yr
Remote
Posted 1 month ago

Job Summary

We are seeking a detail-oriented and proactive Cyber GRC Analyst to support the organization’s cybersecurity governance, risk management, and compliance initiatives. The ideal candidate will assist in identifying cyber risks, maintaining compliance with industry regulations and security frameworks, supporting audits, and helping strengthen the overall cybersecurity posture of the organization.

Job Description

The Cyber GRC Analyst serves as a key member of the Governance, Risk, and Compliance team, responsible for assessing cybersecurity risks, monitoring compliance requirements, developing security policies, and supporting audit activities. This role works closely with Information Security, IT, Legal, Internal Audit, and Business stakeholders to ensure security controls align with regulatory and business requirements.

Key Responsibilities

  • Conduct cybersecurity risk assessments and risk analyses.
  • Identify, document, and track security risks and mitigation plans.
  • Support compliance efforts related to NIST, ISO 27001, SOC 2, PCI DSS, HIPAA, and other frameworks.
  • Assist with internal and external security audits.
  • Review and maintain cybersecurity policies, standards, and procedures.
  • Monitor regulatory and compliance changes affecting cybersecurity programs.
  • Maintain risk registers and compliance documentation.
  • Track remediation activities and ensure timely closure of findings.
  • Support third-party/vendor security assessments.
  • Develop governance and compliance reports for management.
  • Assist in control testing and security assessments.
  • Collaborate with business units to ensure compliance requirements are met.
  • Support cybersecurity awareness and policy training initiatives.

Required Qualifications

  • Bachelor’s degree in Cybersecurity, Information Technology, Information Security, Risk Management, or related field.
  • 2–5 years of experience in Cybersecurity, Risk Management, Compliance, Audit, or Governance.
  • Knowledge of cybersecurity frameworks and industry regulations.
  • Strong analytical and documentation skills.
  • Excellent communication and stakeholder management abilities.

Preferred Qualifications

  • Experience with GRC platforms such as ServiceNow GRC, Archer, OneTrust, or MetricStream.
  • Experience supporting SOC 2, ISO 27001, HIPAA, PCI DSS, or FedRAMP audits.
  • Understanding of cloud security environments (AWS, Azure, GCP).
  • Experience conducting vendor risk assessments.
  • Familiarity with cybersecurity operations and security controls.

Key Responsibilities by Position Level

Junior Cyber GRC Analyst

  • Perform compliance reviews.
  • Update risk registers.
  • Assist with audit preparation.
  • Maintain security documentation.
  • Support evidence collection activities.

Mid-Level Cyber GRC Analyst

  • Lead risk assessments.
  • Conduct control testing.
  • Manage compliance initiatives.
  • Support regulatory audits.
  • Develop governance reports.

Senior Cyber GRC Analyst

  • Lead enterprise risk management activities.
  • Design governance frameworks.
  • Advise leadership on cyber risk strategies.
  • Manage audit and compliance programs.
  • Oversee third-party risk management processes.

Technical Skills

  • Risk Assessment & Risk Management
  • Cybersecurity Governance
  • Security Control Evaluation
  • Audit Management
  • Vendor Risk Management
  • Compliance Monitoring
  • Security Policy Development
  • Microsoft Excel & Reporting Tools
  • ServiceNow GRC
  • NIST Cybersecurity Framework
  • ISO 27001
  • SOC 2
  • PCI DSS
  • HIPAA

Certifications Preferred

  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+
  • Certified in Governance of Enterprise IT (CGEIT)
  • ISO 27001 Lead Auditor

Job Features

Job CategoryGRC

Apply For This Job

A valid phone number is required.