Conduct ongoing risk reviews and maintain an up-to-date risk register
Support risk assessments across critical business processes and systems
Partner with stakeholders to develop and track risk mitigation plans through resolution
Assist in building risk metrics and reporting for executive-level visibility
Monitor adherence to relevant regulatory frameworks and internal controls
Support audit readiness by coordinating evidence collection and documentation
Partner with cross-functional teams to ensure successful audit outcomes with no material findings
Review and update GRC-related policies on a regular cadence
Support or lead compliance and security training initiatives
Develop and distribute awareness materials on key compliance topics
Maintain accurate and secure documentation for audits, investigations, and post-incident reviews

Bachelor’s degree in Business, Information Security, Risk Management, or related field (or equivalent experience)
3-5 years of experience in GRC, risk management, compliance, or audit-related roles
Familiarity with common compliance frameworks (e.g., SOC 2, ISO 27001, HIPAA, FedRAMP)
Strong organizational skills with attention to detail and follow-through
Act as a highly collaborative partner across internal teams and external stakeholders, demonstrating strong consultative and relationship-building skills; proactively align on goals, communicate clearly, and drive shared success through influence, responsiveness, and accountability

GRC Analyst

Key skills