Position SummaryThe Governance, Risk & Compliance (GRC) Analyst is responsible for supporting and maintaining the organization's cybersecurity governance, risk management, and compliance programs. This role works across Information Security, Engineering, Product, IT, and business stakeholders to ensure compliance with applicable regulatory, contractual, and industry security requirements.
The GRC Analyst will assist in maintaining compliance with the NIST Cybersecurity Framework (NIST CSF), Cybersecurity Maturity Model Certification (CMMC), Cyber Essentials Plus, SOC 2, and ISO/IEC 27001 requirements through evidence collection, control monitoring, risk assessments, audit support, policy management, and remediation tracking.
Key ResponsibilitiesCompliance & Audit Management - Maintain compliance programs aligned with NIST CSF, CMMC, Cyber Essentials Plus, SOC 2, and ISO/IEC 27001.
- Coordinate internal and external audits, assessments, and attestation activities.
- Collect, validate, and maintain compliance evidence and audit artifacts.
- Track audit findings and remediation activities through completion.
- Support control testing and validation to ensure ongoing compliance.
Governance & Risk Management - Conduct security risk assessments and assist with enterprise risk management activities.
- Maintain risk registers, track mitigation plans, and monitor remediation progress.
- Assist with development and maintenance of security policies, standards, procedures, and guidelines.
- Monitor security and compliance control effectiveness and identify opportunities for improvement.
- Support control mapping and crosswalk activities across multiple compliance frameworks.
Third-Party Risk Management - Perform security reviews of vendors, suppliers, and third-party service providers.
- Track vendor assessment findings and remediation activities.
- Support ongoing monitoring of third-party security and compliance risks.
Customer & Regulatory Support - Respond to customer security questionnaires, due diligence requests, and compliance inquiries.
- Support sales and customer-facing teams with security documentation and assurance materials.
- Assist with documenting compliance posture and security program maturity.
Program Administration - Maintain GRC platforms and compliance repositories.
- Develop metrics, dashboards, and compliance reporting for management.
- Coordinate annual security awareness, compliance, and policy review activities.
- Support continuous improvement initiatives across the security and compliance program.
Required Qualifications- Bachelor's degree in Cybersecurity, Information Security, Information Systems, Business, or related field (or equivalent experience).
- 3+years of experience in Governance, Risk, and Compliance, Information Security, Audit, or related disciplines.
- Working knowledge of:
- NIST Cybersecurity Framework (CSF)
- CMMC
- Cyber Essentials Plus
- ISO/IEC 27001
- SOC 2
- Risk assessment methodologies
- Experience supporting audits, assessments, or certification activities.
- Strong written communication, documentation, and organizational skills.
- Ability to manage multiple priorities and deadlines in a fast-paced environment.
Benefits at Babel Street (just to name a few...)- Health Benefits: Babel Street covers 85-100% monthly premium costs for Medical, Dental, Vision, Life & Disability insurances - for you and your family!
- Retirement Plans: Babel Street offers both a Traditional and Roth 401(K) with a very competitive match.
- Unlimited Flexible Leave: We trust our employees to manage their own time and balance their personal and work lives.
- Holidays: Babel Street provides employees with 12 paid Federal Holidays
- Tuition Reimbursement: We are committed to investing in our employees. One way we do that is with our Tuition Reimbursement Program for continuing education.
Range for this position based on qualifications and experience
$80,000-$125,000 USD