Position Overview: We are seeking a motivated and detail-oriented GRC Analyst to join our Information Security team. This role will support the organization's governance, risk, and compliance initiatives, focusing on regulatory and framework alignment, third-party risk management, risk lifecycle processes, and policy governance.
The ideal candidate will have foundational knowledge of information security principles, strong analytical skills, and a willingness to learn and grow within the GRC space, especially in platforms such as ServiceNow GRC.
Key Responsibilities
Compliance & Framework Support
- Assist in the implementation, maintenance, and monitoring of compliance frameworks (e.g., NIST, ISO 27001, SOX, SOC 2, CIS, etc.)
- Support internal and external audit activities, including evidence collection and control validation
- Track and report on compliance status, gaps, and remediation efforts
Third-Party Risk Management (TPRM)
- Conduct vendor risk assessments and due diligence reviews
- Analyze third-party security posture and identify potential risks
- Maintain vendor inventory and track risk treatment activities
- Collaborate with business owners to ensure appropriate risk mitigation
Risk Management
- Support the execution of the Information Security risk management lifecycle
- Assist with risk identification, assessment, documentation, and tracking
- Help maintain risk registers and ensure risks are properly escalated and monitored
- Partner with stakeholders to support risk remediation planning
Policy Governance
- Assist in drafting, reviewing, and maintaining information security policies, standards, and procedures
- Facilitate policy review cycles, approvals, and documentation updates
- Ensure alignment with regulatory requirements and industry best practices
GRC Tooling & Process Support
- Support and learn the administration and use of ServiceNow GRC
- Assist in configuring workflows, tracking activities, and improving GRC processes
- Help identify opportunities for automation and process optimization
Qualifications
Required
- Bachelor's degree in Information Security, Cybersecurity, IT, or related field (or equivalent experience)
- 1-3 years of experience in information security, risk, compliance, or audit (internships acceptable)
- Basic understanding of security frameworks and regulatory requirements
- Strong analytical, organizational, and documentation skills
- Excellent written and verbal communication skills
Preferred
- Exposure to frameworks such as NIST, ISO 27001, SOC 2, or CIS
- Security or compliance certifications (e.g., CISM, CRISC, CISSP, CGEIT, or CISA)
- Experience with third-party risk management processes
- Familiarity with risk management concepts and methodologies
- Exposure to GRC tools (ServiceNow GRC preferred, but not required)
Key Competencies
- Detail-oriented with strong follow-through
- Ability to manage multiple priorities and deadlines
- Collaborative mindset with cross-functional teams
- Curiosity and willingness to learn new tools and frameworks
- Strong problem-solving and critical-thinking skills
Why Join Us
- Opportunity to grow within a maturing GRC program
- Exposure to a wide range of security, compliance, and risk disciplines
- Hands-on experience with industry-standard tools like ServiceNow GRC
- Collaborative and supportive team environment