What You'll DoAs an Experienced GRC Analyst, you'll be the trusted advisor our clients count on - helping them build stronger, safer businesses through world-class cybersecurity and GRC strategies. You will:
- Lead assessments and audits of security and IT control environments
- Design, implement, and mature cybersecurity and compliance programs
- Develop risk registers, conduct risk assessments, and track remediation efforts
- Create and refine policies, standards, and procedures that align with top frameworks (SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, and more)
- Guide third-party vendor risk management programs
- Prepare clients for internal audits and external assessments
- Translate technical, regulatory, and business requirements into clear, actionable solutions
- Mentor junior analysts and contribute to the growth of our GRC practice
You won't be stuck doing the same thing every day - you'll work on diverse, challenging projects across multiple industries, helping world-class organizations tackle their most critical security and compliance needs.
What You Bring- 5+ years of hands-on experience in GRC, cybersecurity, IT audit, risk management, or a related field
- Deep expertise in cybersecurity fundamentals and IT control frameworks
- Strong working knowledge of compliance standards (e.g., SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST)
- A track record of delivering high-quality client service, managing projects, and driving results
- Excellent writing skills - you can translate complexity into clear, polished deliverables
- Outstanding critical thinking, problem-solving, and organizational skills
- A high level of accountability, ownership, and professional maturity
- Curiosity, creativity, and a proactive, solutions-first mindset
- Comfort working independently in a fast-paced, remote environment
Bonus Points if you have industry certifications such as CISA, CISM, CISSP, CRISC, or are actively pursuing one.
Requirements- Authorized to work in the U.S. with permanent work authorization
- Able to pass a background check
- Reliable high-speed internet and a secure remote work setup
We offer:- Cybersecurity strategy and program development
- Fully managed programs, from implementation to maturation and remediation
- One-time projects like policies, audits, risk assessments, incident response planning, and more
- Support across top compliance frameworks like SOC 2, NIST CSF, ISO 27001, HITRUST, and others
Whatever the challenge, we're ready to solve it - with precision, expertise, and heart.
