Seeking a senior-level GRC Analyst to support enterprise governance, risk, and compliance functions across a regulated environment. This role focuses on risk management, cybersecurity compliance, audit readiness, and security control oversight aligned with industry frameworks and regulatory standards. This is an individual contributor role requiring strong cross-functional collaboration and executive-level communication.
Roles and Responsibilities
- Lead enterprise risk assessments and support ongoing risk management programs.
- Drive audit readiness activities and coordinate internal and external audit responses.
- Evaluate, design, and oversee security control implementation and effectiveness.
- Ensure compliance with cybersecurity frameworks such as NIST 800-53 and NIST CSF.
- Support regulatory compliance efforts across CJIS, HIPAA, and/or PCI-DSS environments.
- Collaborate with Security, IT, Audit, Legal, and Business teams to ensure alignment on risk and compliance objectives.
- Identify control gaps and recommend remediation strategies to reduce enterprise risk exposure.
- Maintain governance, risk, and compliance documentation and reporting artifacts.
Required Qualifications
- Bachelor’s degree required (Master’s preferred) in Cybersecurity, Information Assurance, or related field.
- 6–10+ years of experience in cybersecurity, risk management, compliance, or IT audit.
- Strong knowledge of NIST frameworks (800-53 and/or CSF).
- Experience working in regulated environments such as CJIS, HIPAA, and/or PCI-DSS.
- Proven experience leading enterprise risk assessments, audit readiness, and control oversight.
- Strong stakeholder management and cross-functional collaboration skills.
- Senior-level communication and influencing abilities (individual contributor role, no direct reports).
Preferred Certifications
- CISSP
- CRISC
- CISA
- CIPP/US, CIPM, CIPT
- CHPS
- PCI certifications (ISA or QSA)