GRC Analyst, Operations & Risk

RESPONSIBILITIES:

• Support day-to-day GRC program operations – manage and triage GRC intakes and accurate tracking through resolution

• Perform and support third-party risk management activities, including vendor reviews, reassessments, partner coordination, remediation tracking, and cross-functional follow-up with Security, Legal, Privacy, Procurement, IT, Finance, and business owners

• Assist with risk program management activities

• Support security compliance monitoring and audit readiness activities, managing audit request lists and taking ownership of gathering security audit evidence to verify compliance with internal policies / regulations and industry best practices

• Coordinate security awareness and training program management activities

QUALIFICATIONS:

• 2+ years of experience in GRC, third-party risk management, security compliance, internal audit, risk management, or a related function

• Deep understanding of Cybersecurity compliance frameworks and cybersecurity compliance controls – ISO 27001, NIST CSF, COSO, SOC 2, PDI-DSS

• Possess a strong risk mindset, exceptional attention to detail, and the ability to apply critical thinking when assessing complex issues and control gaps

• Highly organized and strong operational discipline ensuring clear and expedient escalations with informed recommendations to management

• Superior interpersonal and communication skills – verbal and written

• Being a team player and working to achieve common goal in a dynamic setting

• Strong commitment to embracing and leveraging AI tools in day-to-day tasks, ensuring AI-assisted work aligns with the same high-quality standards as personal contributions.

• A minimum bachelor’s degree in any discipline. Computer science, cyber security and risk or technology degrees preferred. CISA or CRISC certification preferred