Thinkcloudly

Sr. GRC Analyst

πŸ“ Canada
πŸ’Ό Full Time
🏠 Work From Home
πŸ’° Salary negotiable
Posted: 5 months ago
Job ID: #1634
Views: 190
Required Skills: XYZ

Job Description

About the Job
The Senior GRC Analyst - Governance & Risk will play a critical role in strengthening our client's cybersecurity governance, risk management, and compliance programs. This role will focus on enhancing security policies, standards, risk assessments, and governance frameworks to align with regulatory requirements, industry best practices, and the client’s security strategy. The ideal candidate will work closely with cross-functional teams to track and mitigate security risks, improve cybersecurity governance structures, and ensure compliance with regulatory obligations.
The Impact You'll Have
Governance, Policies & Standards

Develop, maintain, and enhance cybersecurity policies, standards, and control frameworks to align with industry regulations (e.g., PCI DSS, ISO 27001, SOC 2, SOX, DORA & NIST).
Work with cross-functional teams to ensure cybersecurity policies are embedded in business processes.
Establish documentation and approval processes for cybersecurity policies, ensuring consistency and transparency.
Maintain a centralized inventory of cybersecurity controls, ensuring alignment with regulatory and internal security requirements.
Risk Management & Assessments

Conduct cybersecurity risk assessments to identify, evaluate, and prioritize security risks.
Develop risk classification and treatment plans to guide security decision-making.
Monitor and track risk remediation efforts, providing guidance on mitigation strategies.
Work with business and technical teams to ensure risk treatment plans align with company objectives and security standards.
Drive continuous improvement of risk management processes by identifying emerging threats and adapting security strategies accordingly.
Compliance & Audit Support

Support external and internal audits (ISO 27001, SOC 2, PCI DSS, SOX, etc.) by providing necessary documentation and coordination.
Ensure control validation activities are conducted regularly to maintain compliance.
Collaborate with compliance, internal audit, and legal teams to maintain a strong cybersecurity compliance posture.
Track and manage cybersecurity exceptions, risk acceptance, and remediation activities.
Advisory & Awareness

Provide guidance to business units on risk management best practices, policy implementation, and compliance.
Work with leadership to develop risk-based security strategies aligned with business objectives.
Support security awareness initiatives by contributing to training programs and guidelines.
Who You Are

5+ years of experience in Cybersecurity, IT Risk Management, Governance, Compliance, or Information Security roles.
Strong understanding of cybersecurity frameworks, regulations, and compliance standards (e.g., ISO 27001, ISO 27002, ISO 27005, NIST, SOC 2, PCI DSS, SOX, etc.).
Hands-on experience conducting risk assessments and managing security risks.
Experience working with GRC tools (e.g., OneTrust, ServiceNow).
Familiarity with risk management strategies and strong analytical skills.
Strong communication and problem-solving skills.
Ability to work cross-functionally with technical and non-technical stakeholders.
At least one industry certification (CISM, CRISC, CISSP, ISO 27001 Lead Auditor, Security+ or equivalent).
