Senior GRC Analyst

Security AnalystSecurity AnalystFull TimeRemoteSeniorTeam 51-200

Location

United States

Posted

1 day ago

Salary

$115K - $145K / year

Seniority

Senior

No structured requirement data.

Job Description

Senior GRC Analyst

Compyl

Role Description Our customers don't just need a platform that tracks their GRC program. They need a trusted voice who can help them think through it. As a Senior GRC Analyst, you'll be the person customers turn to when a risk assessment gets complicated, an audit raises an unexpected question, or a policy needs to be adapted to their specific environment. This role goes beyond process execution and platform support. You'll bring real GRC judgment to every customer interaction, recognizing when a question is more complex than it looks, and guiding customers through it with the confidence of someone who has actually done this work before. What You'll Do - Serve as a hands-on GRC advisor for a portfolio of customers, guiding them through risk assessments, risk registers, audit preparation, and control rollouts. - Help customers prepare for and navigate audits (SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST, and similar frameworks), translating requirements into practical next steps. - Advise on policy development and control design tailored to each customer's risk profile and maturity level — not just “what the framework says,” but what actually makes sense for them. - Spot GRC complexity early — recognizing when a customer's question touches on risk, compliance, or audit nuance that needs more than a standard playbook answer. - Partner closely with Support and Customer Success to own the escalations that require real GRC expertise, not just product knowledge. - Turn recurring customer questions into scalable guidance — playbooks, internal knowledge base content, and best-practice frameworks the whole team can use. - Act as the voice of the customer internally, flagging where our platform could better support real-world GRC workflows. Qualifications - 5+ years of experience as a GRC analyst, consultant, or coordinator — in-house, at a consulting firm, or in a similar capacity. - Direct, hands-on experience with audits, risk assessments and risk registers, and policy rollouts — you've been in the room, not just read about it. - Working familiarity with common frameworks (SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST, or similar) — deep specialization isn't required, but you should be able to orient quickly in any of them. - An instinct for GRC complexity: you can tell when something is more nuanced than it first appears, and you know how to break it down for someone who's stuck. - Strong consultative communication skills — you can explain a compliance concept to a nontechnical stakeholder without losing the substance. - A genuine interest in helping customers solve problems, not just closing tickets. Requirements - Certifications such as CISA, CRISC, CGRC, or ISO 27001 Lead Implementer/Auditor. - Experience working directly with a GRC software platform (as a practitioner, implementer, or vendor-side consultant). - Exposure to multiple industries or company sizes, giving you a broader sense of how GRC programs vary in practice. Benefits - Competitive salary and meaningful equity participation at a Series A inflection point. - Comprehensive paid benefits, including health insurance, 401(k), and generous leave policies.

Related Job Pages

More Security Analyst Jobs

Gartner logo

Director Analyst, Application Security

Gartner

We deliver actionable, objective insight that drives smarter decisions and stronger performance.

Full TimeRemoteTeam 10,001+Since 1979H1B Sponsor

• Create innovative, thought provoking, and highly leveraged “must-have insights” content • Develop new insights and ideas through thought leadership • Develop in-depth analysis to identify root causes and drive strategy forward • Demonstrate thought leadership across a team of analysts • Research, analyze, and predict market trends • Provide actionable advice aligned to designated content area via interactions • Create and deliver high value presentation materials • Provide sales support to drive engagement with clients • Build credibility as an industry expert • Actively participate in innovation, ideation, and research discussions • Identify research process improvements or develop new processes • Be a mentor and coach for junior team members • Client-centric approach to engage clients regularly

United Kingdom

Role Description The Cybersecurity Risk Management Analyst provides advanced Governance, Risk, and Compliance (GRC) support for federal information systems in accordance with the Federal Information Security Modernization Act (FISMA) and the NIST Risk Management Framework (RMF). This role is responsible for managing Assessment & Authorization (A&A) activities, supporting external service authorizations, conducting cybersecurity risk assessments, and maintaining continuous monitoring efforts to ensure compliance with federal cybersecurity requirements. The position requires strong analytical, documentation, and stakeholder engagement skills while working collaboratively with federal system owners, Information System Security Officers (ISSOs), Cloud Service Providers, and executive leadership to maintain secure and compliant federal systems. Qualifications - Bachelor's degree in Cybersecurity, Information Technology, Public Policy, or related discipline (or equivalent experience). - Professional cybersecurity certification such as: - CISSP - CISM - CAP - Minimum seven (7) years of progressive cybersecurity experience. - Minimum four (4) years supporting federal Risk Management Framework (RMF) and Assessment & Authorization (A&A) programs. - Demonstrated experience implementing the NIST Risk Management Framework. - Strong working knowledge of: - Federal Risk and Authorization Management Program (FedRAMP) - NIST Special Publication 800-53 Revision 5 - Federal Information Security Modernization Act (FISMA) - Federal Zero Trust Strategy (OMB M-22-09) - Experience supporting Moderate and/or High Impact federal information systems. - Familiarity with federal cloud security requirements and FedRAMP-authorized cloud environments. - Proficiency with Microsoft Office 365 applications. - Excellent written and verbal communication skills. - Ability to communicate effectively with technical teams and executive leadership. - Active Public Trust clearance or the ability to obtain and maintain one. Requirements - Manage the full lifecycle of Risk Management Framework (RMF) activities in accordance with NIST Special Publication 800-37. - Develop, review, and maintain security authorization documentation including: - System Security Plans (SSPs) - Security Assessment Plans (SAPs) - Security Assessment Reports (SARs) - Plans of Action and Milestones (POA&Ms) - Review and evaluate FedRAMP authorization packages and package updates supporting cloud service authorization decisions. - Monitor Authorization to Operate (ATO) packages within the FedRAMP Secure Repository. - Coordinate with system owners, ISSOs, Cloud Service Providers, and security stakeholders regarding system changes and authorization activities. - Validate implementation of NIST SP 800-53 Rev. 5 security controls, including inherited and agency-implemented controls. - Conduct cybersecurity risk assessments utilizing NIST SP 800-30 methodologies. - Provide risk analysis and recommendations to Authorizing Officials and senior leadership. - Support continuous monitoring by reviewing vulnerability scans, managing POA&Ms, and coordinating remediation activities. - Peer review cybersecurity policies, standards, procedures, and implementation guidance. - Perform regulatory and policy analysis to ensure alignment with federal cybersecurity requirements. - Conduct compliance gap analyses and recommend remediation strategies. - Assist in developing security control overlays, baseline updates, and control tailoring guidance. - Provide cybersecurity governance subject matter expertise. - Support enterprise reporting, cybersecurity metrics, and compliance dashboards utilizing ServiceNow. - Support FISMA reporting activities. - Prepare documentation for internal and external audits and oversight reviews. - Assist with responses to oversight inquiries and corrective action tracking. - Perform quality assurance reviews of cybersecurity documentation. - Perform other job-related duties as assigned. Benefits - Estimated Starting Salary Range Cybersecurity Risk Management Analyst- $140,000 – $150,000 - Pay commensurate with experience. - Full-time benefits include: - Medical - Dental - Vision - 401(k) - Paid time off - Other company-sponsored benefits as provided. - Benefits are subject to change with or without notice. Company Description Criterion Systems LLC is part of Cherokee Federal—the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner supporting more than 60 federal clients, Criterion delivers innovative technology, cybersecurity, and mission support solutions that help federal agencies solve complex challenges and accomplish critical missions. Cherokee Federal is a military-friendly employer. Veterans and active military transitioning to civilian careers are encouraged to apply.

United States
$140K - $150K / year
Netrix Global logo

Senior Security Analyst

Netrix Global

IT Consultant & Managed Service Provider

Full TimeRemoteTeam 501-1,000Since 1990H1B No Sponsor

• Monitor and triage security alerts from SIEM, EDR/XDR, firewall, IDS/IPS, endpoint, identity, email, cloud, and other client telemetry sources. • Perform initial investigations to validate alerts, determine scope, assess severity, and identify likely root cause. • Analyze intrusion detection alerts, firewall events, endpoint activity, system logs, network traffic, and authentication events to identify suspicious or malicious activity. • Determine whether attacks were successful, document supporting evidence, and notify clients according to established escalation and communication procedures. • Identify indicators of compromise, enrich events with threat intelligence, and map relevant activity to frameworks such as MITRE ATT&CK when appropriate. • Support incident response efforts by providing technical findings, recommended containment actions, and timely updates to clients and internal teams. • Document investigation steps, timelines, findings, client communications, and recommendations in case management systems. • Contribute to detection tuning, false-positive reduction, knowledge base articles, runbooks, and process improvements. • Conduct ongoing research on emerging threats, vulnerabilities, attacker tactics,and security operations best practices.

Argentina
securityfirst logo

Senior Information Security Analyst – Governance

securityfirst

Levando a expertise em segurança da informação do mercado financeiro para setores como Saúde, Infraestrutura e Varejo.

Full TimeRemoteTeam 51-200Since 2017H1B No Sponsor

• Protect critical industrial environments. • Ensure the security of automation systems, industrial networks and critical infrastructure. • Ensure resilience against cyber threats that directly impact operations. • Focus on implementing and maintaining security policies, standards and security practices.

Brazil