GRC Analyst

Company: Obsidian Security
Location: Newport Beach, CA, USA
Salary: $110000 – $175000
Type: Full-Time
Degrees:
Experience Level: Junior, Mid Level

Requirements

  • Experience with governance and policy management in a cybersecurity context
  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, ISO 27701, ISO 42001, GDPR, and NIST
  • Ability to conduct risk assessments and document findings
  • Experience in coordinating audit activities and preparing audit documentation
  • Knowledge of vendor management and third-party risk assessments
  • Technical understanding of security controls and their implementations

Responsibilities

  • Maintain and update the Master Controls Register with mappings to frameworks
  • Track control ownership, implementation status, and evidence requirements
  • Assist in drafting, updating, and version-controlling security and compliance policies
  • Support ongoing risk assessments and periodic risk reviews
  • Document risk findings, mitigation plans, owners, and timelines in the Risk Register
  • Coordinate readiness activities for internal and external audits
  • Prepare and organize audit artifacts and walkthrough documentation
  • Maintain the vendor inventory and classify vendors based on risk levels
  • Assist in the design and implementation of new security controls
  • Conduct control effectiveness testing and control gap analysis

Preferred Qualifications

    No preferred qualifications provided.