GRC Analyst

A company is looking for a GRC (Governance, Risk, and Compliance) Analyst.

Key Responsibilities

Ensure compliance with DOJ / CISA requirements and coordinate external audits / assessments

Manage the execution of the SOC 2 program, including evidence collection and control testing

Oversee third-party risk management processes, including vendor due diligence and security reviews

Required Qualifications

2-4 years of experience in GRC, security compliance, or audit roles

Experience with SOC 2 programs, vendor risk management, or security questionnaires

Understanding of control mapping to frameworks like NIST CSF, SOC 2, or ISO 27001

Bachelor's degree in Information Security, Information Systems, Computer Science, or related field

Relevant certifications (e.g., CISA, CISSP, CISM) are highly valued but not required