GRC Analyst
We’re looking for a proactive and detail-oriented GRC Analyst to join our team and help implement and maintain key security and privacy compliance frameworks—including ISO 27001, ISO 22301, GDPR, SOC 2, HIPAA, and others. The candidate should be ready to travel for international projects and assignments.
Roles and Responsibilities
Compliance Implementation & Management
- Implement and maintain compliance programs such as ISO 27001, ISO 22301, GDPR, SOC 2, HIPAA (experience in even one is sufficient; we will train the rest).
- Conduct gap assessments, create remediation plans, and track closure activities.
- Maintain compliance evidence repositories and ensure version control and readiness for audits.
Risk Management
- Identify, assess, and document organizational risks.
- Support risk treatment planning with control owners and monitor progress.
Audit & Certification Support
- Prepare documentation, collect evidence, and assist internal and external auditors.
- Coordinate with stakeholders to remediate non-conformities and observations.
Policy & Procedure Development
- Draft, review, and update security and privacy policies, SOPs, and standards aligned with regulatory and framework requirements.
Third-Party & Vendor Risk Management
- Conduct vendor assessments and evaluate security posture before onboarding.
- Track vendor risks and follow up on mitigation plans.
Awareness & Training
- Support organization-wide security awareness initiatives.
- Assist in running phishing simulations, role-based training, and compliance workshops.
Regulatory & Industry Monitoring
- Stay updated on emerging regulations, security best practices, and audit expectations.
- Recommend improvements to enhance our GRC maturity.
What You Bring
- 1–3 years of experience in GRC, compliance implementation, IT audit, or cybersecurity.
- Hands-on experience with at least one major standard (ISO 27001, ISO 22301, GDPR, SOC 2, HIPAA, PCI DSS, NIST, etc.).
- If you know only one or two—perfect. We support cross-training into others.
- Strong analytical and documentation skills; ability to identify gaps and propose practical controls.
- Excellent communication skills—capable of translating compliance concepts into clear, actionable guidance.
- Preferred but not required: certifications like ISO 27001 LA/LI, Sec+, CISA, CRISC, CDPSE, or similar.