Experienced or Senior GRC Analyst

Hotman Group LLC

$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in GRC, cybersecurity, IT audit, or related field
  • Expertise in cybersecurity fundamentals and IT control frameworks
  • Strong knowledge of compliance standards such as SOC 2, ISO 27001, and HIPAA
  • Proven track record in client service and project management
  • Exceptional writing skills for clear and polished deliverables
  • Strong critical thinking, problem-solving, and organizational abilities
  • Proactive outlook and ability to work independently in a remote environment
  • Bonus: Industry certifications (CISA, CISM, CISSP, CRISC) or in-progress certifications

Responsibilities

  • Lead security and IT control assessments and audits
  • Design and enhance cybersecurity and compliance programs
  • Develop risk registers and manage remediation efforts
  • Create policies and procedures aligned with top frameworks
  • Oversee third-party vendor risk management
  • Prepare clients for internal and external audits
  • Translate technical and regulatory requirements into actionable solutions
  • Mentor junior analysts to grow the GRC practice

Benefits

  • Comprehensive cybersecurity strategy and program development
  • Management of programs from implementation to remediation
  • Execution of one-time projects like audits and incident response
  • Support for compliance with various frameworks
Full Job Description
What You'll Do

As an Experienced GRC Analyst, you'll be the trusted advisor our clients count on - helping them build stronger, safer businesses through world-class cybersecurity and GRC strategies. You will:
  • Lead assessments and audits of security and IT control environments
  • Design, implement, and mature cybersecurity and compliance programs
  • Develop risk registers, conduct risk assessments, and track remediation efforts
  • Create and refine policies, standards, and procedures that align with top frameworks (SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, and more)
  • Guide third-party vendor risk management programs
  • Prepare clients for internal audits and external assessments
  • Translate technical, regulatory, and business requirements into clear, actionable solutions
  • Mentor junior analysts and contribute to the growth of our GRC practice

You won't be stuck doing the same thing every day - you'll work on diverse, challenging projects across multiple industries, helping world-class organizations tackle their most critical security and compliance needs.

What You Bring
  • 5+ years of hands-on experience in GRC, cybersecurity, IT audit, risk management, or a related field
  • Deep expertise in cybersecurity fundamentals and IT control frameworks
  • Strong working knowledge of compliance standards (e.g., SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST)
  • A track record of delivering high-quality client service, managing projects, and driving results
  • Excellent writing skills - you can translate complexity into clear, polished deliverables
  • Outstanding critical thinking, problem-solving, and organizational skills
  • A high level of accountability, ownership, and professional maturity
  • Curiosity, creativity, and a proactive, solutions-first mindset
  • Comfort working independently in a fast-paced, remote environment

Bonus Points if you have industry certifications such as CISA, CISM, CISSP, CRISC, or are actively pursuing one.

Requirements
  • Authorized to work in the U.S. with permanent work authorization
  • Able to pass a background check
  • Reliable high-speed internet and a secure remote work setup


We offer:
  • Cybersecurity strategy and program development
  • Fully managed programs, from implementation to maturation and remediation
  • One-time projects like policies, audits, risk assessments, incident response planning, and more
  • Support across top compliance frameworks like SOC 2, NIST CSF, ISO 27001, HITRUST, and others

Similar Jobs

More Information Technology Jobs

Find similar Experienced or Senior GRC Analyst jobs: