Governance, Risk, and Compliance (GRC) Analyst

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience)
• 1–3 years of experience in GRC, cybersecurity, or compliance-related roles
• Familiarity with frameworks such as CMMC, NIST 800-171, NIST CSF, SOC 2, and ISO 27001
• Strong understanding of risk management principles
• Excellent written and verbal communication skills
• Strong organizational and documentation skills
• Ability to manage multiple tasks and meet deadlines in a remote environment

Nice To Haves

• Experience supporting CMMC assessments or readiness programs
• Knowledge of tools such as (put the tools needed)
• Relevant certifications (or working toward), such as:
• CompTIA Security+
• Experience working with Managed Service Providers (MSPs) or consulting environments

Responsibilities

• Support the development, implementation, and maintenance of GRC programs and policies
• Assist in preparing for and managing compliance audits (CMMC, SOC 2, ISO 27001, NIST 800-171)
• Conduct risk assessments and document findings, including risk mitigation strategies
• Develop, review, and maintain security policies, procedures, and documentation
• Track compliance status and remediation efforts across projects
• Work with internal teams and clients to gather evidence for audits and assessments
• Monitor regulatory changes and ensure organizational alignment with new requirements
• Assist in vendor risk assessments and third-party compliance reviews
• Maintain GRC tools, dashboards, and reporting metrics

Benefits

• Competitive compensation (based on experience)
• Opportunity to work on high-impact cybersecurity compliance projects
• Professional development and certification support
• Career growth within a rapidly expanding cybersecurity firm