One of our retail manufacturing customers has been building out their Security Program over the last couple of years. As they continue to grow the program, and as an organization, they are expanding the team and need a strong GRC Analyst.

IT Risk Management and Assessments
• Support the execution and continuous improvement of the IT Risk Management program.
• Perform risk identification, analysis, and evaluation for IT systems, applications, and processes.
• Maintain and update the IT Risk Register, ensuring risks are clearly documented, rated, and tracked through remediation.
• Collaborate with technology and business teams to develop and monitor risk mitigation plans.
• Conduct IT risk assessments for new technologies, vendors, projects, and internal systems.
• Assist in reviewing security controls, identifying gaps, and recommending appropriate risk treatments.
• Contribute to periodic enterprise-wide risk assessments and reporting to leadership.

IT Controls & SOX Compliance
• Support IT SOX control testing activities, including gathering evidence, validating control operation, and documenting results.
• Assist in remediation tracking for control deficiencies and audit findings.
• Work with control owners to enhance design and operating effectiveness of IT general controls.

Governance & Compliance
• Help maintain and create IT policies, standards, and procedures.

Cybersecurity Awareness
• Assist in planning and executing phishing simulations and security awareness campaigns.
• Track and report phishing metrics and support user-focused training improvements.
Career Level
Mid Level
Education Level
No Education Listed