Job Description:
We are looking for a Security Governance, Risk, and Compliance (GRC) Analyst to support and mature our security and compliance programs across a large construction organization. This role focuses on maintaining security policies, strengthening vendor risk management, supporting CMMC Level 2 compliance, and helping build a data governance program.
What You'll Do
- Lead security governance and risk management efforts
- Maintain and improve vendor risk management
- Support CMMC compliance and audits
- Help design and implement a data governance program
- Manage security policies, standards, and updates
- Partner with IT, legal, and business teams to embed security into daily work
- Deliver security training and promote awareness
What You Bring
- 5 to 7 years of experience in GRC, cybersecurity, or compliance
- Experience with CMMC, NIST 800-171, or similar frameworks
- Strong understanding of risk management and security controls
- Experience building or managing security policies
- Ability to work across teams and influence stakeholders
Nice to Have
- Experience in construction or industrial environments
- Familiarity with controlled unclassified information
- Certifications such as CISSP, CISM, CRISC, or CISA
- Experience with vendor risk or data governance tools
What Success Looks Like
- Strong, adopted security policies
- Improved data governance practices
- Ongoing CMMC compliance
- Reduced risk across the organization