Support governance, risk, and compliance (GRC) activities by assisting with cybersecurity framework implementation and regulatory compliance efforts.
Gain familiarity with GRC frameworks such as NIST CSF, ISO 27001, and COBIT, and help ensure technical and administrative controls align with audit and regulatory requirements.
Assist in maintaining compliance with regulatory standards including SOX, HIPAA, SOC 2, GDPR, and PCI-DSS, while staying informed about evolving cybersecurity laws and obligations.
Participate in internal and external audits by coordinating evidence collection, tracking remediation efforts, and supporting readiness for SOC 2, SOX ITGC, and HIPAA assessments.
Collaborate with cross-functional teams to support security initiatives and communicate effectively with both technical and non-technical stakeholders.
Requirements
3+ years of relevant experience in security engineering and GRC-focused security solutions development.
Understanding of security standards and frameworks such as NIST, ISO 27001, CIS Controls, and industry compliance regulations (NYDFS, GDPR, HIPAA, PCI-DSS).
Proven ability to manage complex timelines and deliverables, ensuring alignment with organizational goals and regulatory requirements.
Preferred Certifications: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), GIAC (Global Information Assurance Certification), CEH (Certified Ethical Hacker), CRISC (Certified in Risk and Information Systems Control).
Tech Stack
Cyber Security
Benefits
Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.
Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.
Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.
Paid maternity leave and paid paternity leave (including for adoptive parents)