Support the delivery team in implementing cybersecurity programs aligned with SOC 2, ISO 27001, and other security and privacy frameworks
Own day-to-day GRC platform operations, including monitoring automated testing results, tracking controls, managing evidence uploads, inputting vendor and risk records, and maintaining policy assignments
Serve as the first line of response for audit requests, drafting initial responses and gathering information before escalating to the Client Lead for review
Assist with recurring compliance tasks, including User Access Reviews, IR/DR tabletop exercises, and Risk Assessments
Take ownership of ad-hoc tasks such as SAQs, documentation, and one-off client requests, making a first attempt before seeking feedback
Monitor and respond to client communications across Slack, Teams, and email, drafting proposed solutions rather than simply surfacing problems
Contribute to client calls and weekly status updates, coordinating with delivery team members on expectations for external-facing communication
Maintain the project management tool with accurate, up-to-date task tracking across all active engagements
Stay current on emerging risks and evolving control practices
Build and maintain strong industry relationships to support long-term business development
Requirements
Bachelor's and/or Master's degree in Information Technology (IT), Computer Information Systems (CIS), Management Information Systems (MIS), or a related field
Relevant certification preferred: CompTIA Security+, CISA, or AWS Cloud Practitioner
Minimum 1 year of experience in an IT Audit, Cybersecurity, or IT Risk Advisory role
Demonstrated knowledge of compliance frameworks such as SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST, FedRAMP, and CMMC
Familiarity with GRC solutions, tools, and technologies