We are seeking a detail-oriented and analytical GRC Analyst to support an organization's governance, risk management, and compliance initiatives. The ideal candidate will play a key role in identifying, assessing, and mitigating risks while ensuring compliance with internal policies, industry standards, and regulatory requirements.

Responsibilities:

Governance & Policy Management

• Assist in the development, implementation, and maintenance of GRC policies, procedures, and frameworks.
• Support internal audits and policy reviews to ensure alignment with best practices and regulatory standards.

Risk Management

• Identify, assess, and monitor operational, financial, and IT risks.
• Maintain risk registers and support risk mitigation planning and execution.
• Conduct risk assessments for new projects, vendors, and technologies.

Compliance Monitoring

• Ensure compliance with relevant laws, regulations, and standards (e.g., SOX, GDPR, CMMC, ISO 27001).
• Coordinate with internal teams to track and remediate compliance issues.
• Prepare documentation and reports for audits and regulatory reviews.

Reporting & Analysis

• Generate regular reports and dashboards on risk and compliance metrics.
• Analyze trends and provide insights to improve risk posture and compliance maturity.

Training & Awareness

• Support the development and delivery of GRC-related training and awareness programs.
• Promote a culture of risk awareness and compliance across the organization.

Qualifications:

• 2–4 years of experience in GRC, risk management, compliance, or audit.
• Familiarity with GRC tools.
• Knowledge of regulatory frameworks and standards (e.g., NIST, ISO, SOC 2).
• Strong analytical, organizational, and communication skills.
• Ability to work independently and collaboratively in a fast-paced environment.

Preferred Certifications:

• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• ISO 27001 Lead Implementer or Auditor