Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

GRC Analyst

Momentum

GRC Analyst

Momentum is a respected collection of independent companies, including PMG, Koddi, Further. We serve as a premier global business transformation partner for over 125 of the Fortune 500 brands. With 1,400 global employees and $5B in media spend under management, we foster a fast-growing, values-driven, people-first environment where you can thrive.

Our portfolio of companies partners with some of the world's most iconic and ambitious brands. We combine scalability with a solutions-oriented approach to deliver fast-paced, innovative results for our customers while creating meaningful growth opportunities for our teams.

If you are looking for opportunities to grow in your career and are passionate about being at the forefront of data and technology, and driving rapid innovation in the future of commerce, we would love to talk with you about joining Momentum.

We believe that a culture of belonging, inclusion, and diversity is key to empowering our team members to thrive both personally and professionally. Living out our values is not just a goal; it's a daily practice!

The Opportunity

We are hiring a Security GRC & Risk Analyst to own the governance, risk, and compliance execution layer across a holding company and portfolio of businesses. This is a build-oriented role with a defined scope: you will be the internal anchor for our SOC 2 Type II audit, NIST CSF remediation roadmap, security policy library, vendor risk program, and client-facing security questionnaires.

You will work directly with the Cybersecurity Manager and a vCISO partner, collaborate with the Data Privacy legal team as a peer on overlapping policy areas, and engage regularly with portfolio company stakeholders. A dedicated internal Data Privacy legal team owns regulatory compliance - GDPR, CCPA, breach notification, and data subject rights. This role owns the technical controls layer: the evidence, the frameworks, the audit coordination, and the vendor risk program.

Join us in this full-time role, based in our Dallas Office at the Link: 2601 Olive Street, Dallas, TX. Be part of a vibrant community where amazing people, data & insights, and perpetual innovation converge to shape the future of digital commerce!

About This Role at Momentum

What You'll Do

SOC 2 & NIST CSF Program
  • Own the internal SOC 2 Type II evidence collection process, keeping controls audit-ready year-round. Manage the audit timeline, day-to-day liaison with the external auditor, and remediation finding closure between cycles.
  • Own the NIST CSF remediation roadmap: maintain the gap register, report progress to the VP and vCISO on a defined cadence, and coordinate with portfolio company IT teams to assess and close control gaps.
  • Build and maintain a unified controls library mapping SOC 2 Trust Services Criteria, NIST CSF subcategories, and applicable regulatory requirements.
  • Prepare the organization for bi-annual NIST CSF assessments, ensuring controls are documented and defensible.
Security Policy & AI Governance
  • Operationalize the enterprise-wide information security policy library across the corporate entity and portfolio companies. Inventory gaps against SOC 2, NIST CSF, and applicable regulations; draft, publish, and version-control policies in coordination with the vCISO.
  • Build and maintain annual policy attestation workflows across all employees. Bridge with the Data Privacy legal team on overlapping areas: data classification, retention, and incident notification.
  • Develop and maintain the AI governance framework: tool intake review, data handling risk assessment, and acceptable use policy. Evaluate AI tools proposed across the corporate entity and portfolio companies against security and compliance standards.
  • Own AI-related policy documentation and track emerging regulatory requirements including the EU AI Act and NIST AI RMF.
Risk Management & Vendor Risk
  • Build and maintain a risk register with risk-to-control mapping. Define and document formal risk tolerance and appetite in coordination with the vCISO and leadership.
  • Own the third-party risk management program. Define and implement a tiered due diligence model (critical, high, medium, low) and conduct recurring reviews of critical service providers.
  • Manage vendor risk assessments for tools under evaluation — SASE, CASB, DLP, AI governance tooling, and security platform consolidation. Coordinate with the Data Privacy legal team on vendors with material data processing obligations.
  • Lead operationalization of the GRC platform (OneTrust) for centralized vendor inventory, risk scoring, and lifecycle management.
Client Questionnaires & Audit Support
  • Manage and respond to inbound security questionnaires from portfolio company clients (SIG, CAIQ, and custom formats). Build and maintain a response library to improve turnaround time and accuracy.
  • Coordinate with the Cybersecurity Operations Engineer to validate technical control responses and keep answers current as the security stack evolves.
  • Own ITGC audit controls across identity, endpoint, cloud, and SaaS platforms. Support internal audit responses and evidence requests beyond the annual SOC 2 cycle.
BCP/DR & Security Awareness
  • Own BCP/DR formalization: develop a business continuity charter, coordinate Business Impact Analysis across the corporate entity and portfolio companies, define RTO/RPO for critical operations, and ensure crisis management is embedded in the IR framework.
  • Manage the KnowBe4 security awareness training program: campaign management, phishing simulations, completion tracking, and leadership reporting.
  • Manage the security testing program as the organization transitions from annual to continuous autonomous pentesting. Own vendor relationships, track findings to remediation, and produce executive-ready reporting.
Qualifications

Required

  • 5-7 years in GRC, security compliance, risk management, or a closely related security function.
  • Hands-on experience owning or supporting a SOC 2 Type II audit: evidence collection, control mapping, and auditor coordination.
  • Solid working knowledge of NIST CSF: gap assessments, control mapping, and remediation tracking.
  • Demonstrated experience building or formalizing a security policy library, not just updating existing documents.
  • Experience managing third-party and vendor risk assessments using a tiered risk model.
  • Experience responding to client security questionnaires: SIG, CAIQ, or similar formats.
  • Clear understanding of the boundary between GRC and legal/privacy functions. Proven ability to work alongside a legal team without blurring lanes.
  • Strong written communication: you can translate technical controls into clear, accurate language for clients, auditors, and executives.
  • Disciplined project management: you own timelines, follow up without being asked, and don't let things fall through.
  • Active daily use of AI and automation. We operate at 100% internal AI adoption. Non-negotiable.
Preferred Technical Experience
  • GRC platforms: OneTrust, Drata, Vanta, Whistic, or similar.
  • Security awareness platforms: KnowBe4 or equivalent.
  • ITGC working knowledge across identity (Okta), SaaS (Google Workspace), cloud (AWS, GCP, Azure), and endpoint (CrowdStrike).
  • BCP/DR frameworks: BIA methodology, RTO/RPO definition, and tabletop exercise facilitation.
  • AI governance frameworks: NIST AI RMF or EU AI Act.
  • Familiarity with CASB, DLP, or cloud security posture tooling from a compliance and documentation standpoint.
  • Private equity, holding company, or multi-entity compliance environment experience strongly preferred.
Commitment to Diversity and Inclusion at Momentum

At Momentum, our commitment to change for the better is reflected in our dedication to fostering a culture of belonging, inclusion, and diversity. We recognize diversity and inclusion as key components of our company's success and growth. Recognizing the ongoing journey ahead, we are determined to make lasting impacts through the collective efforts of our Leadership team, People & Culture team, and every employee.

Momentum is an equal opportunity employer, considering all qualified applicants regardless of characteristics protected by law. These include, but are not limited to, race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, color, ancestry, and Veteran status. We actively seek qualified applicants from diverse backgrounds, with no consideration of criminal histories, in alignment with applicable legal requirements.

Should a reasonable accommodation be necessary for the application process and beyond, we are eager to review and provide reasonable accommodations as needed, in compliance with applicable laws.

Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the GRC Analyst in Dallas, TX vacancy
  • Dormont Manufacturing Co is seeking a Senior Risk & Governance Analyst to join our GRC team in Dallas, Texas. This hybrid role involves maintaining our risk register, advancing AI risk governance, and supporting HIPAA compliance programs. The ideal candidate will have at... 
    Suggested

    Dormont Manufacturing Co

    Dallas, TX
    3 days ago
  • Crunchyroll is seeking an experienced Risk Analyst to support our Information Security GRC team. This role emphasizes governance, risk, and compliance, ensuring technology evolution aligns with employee needs and strategic goals. Successful candidates will have over 8 years... 
    Suggested
    Flexible hours

    Crunchyroll

    Dallas, TX
    1 day ago
  •  ...staffing agency based in Dallas, Texas is seeking a Senior Security Analyst to identify and mitigate security risks within the IT...  ...Information Security or IT and at least 3 years of experience in GRC/risk management. Competitive compensation and benefits offered.... 
    Suggested

    Liberty Personnel Services, Inc.

    Dallas, TX
    2 days ago
  • Crunchyroll is seeking a Risk Analyst to support the evolution of its corporate Information Security GRC team in Dallas, Texas. The ideal candidate will design processes and implement technology to ensure governance, risk, and compliance across the organization. Applicants... 
    Suggested
    Flexible hours

    Dormont Manufacturing Company

    Dallas, TX
    4 days ago
  •  ...GRC Analyst Enterprise & Third Party Risk At Caris, we understand that cancer is an ugly worda word no one wants to hear, but one that connects us all. That's why we're not just transforming cancer carewe're changing lives. We introduced precision medicine to the... 
    Suggested
    Contract work
    Work experience placement
    Work at office
    Weekend work
    Afternoon shift

    Caris Life Sciences

    Irving, TX
    5 days ago
  • Risk & Compliance Senior Associate At Caterpillar Inc., the Risk & Compliance Senior Associate supports the Enterprise Compliance Program by advancing key initiatives across governance, risk management, and ethics, and by managing compliance content, training, and policy...

    Caterpillar Brazil

    Irving, TX
    4 days ago
  • $89.21k - $133.81k

    Career Area Legal and Compliance Job Description Your Work Shapes the World at Caterpillar Inc. When you join Caterpillar, you're joining a global team who cares not just about the work we do – but also about each other. We are the makers, problem solvers, and future world...
    Part time
    Flexible hours

    Caterpillar Financial Service Corp

    Irving, TX
    4 days ago
  •  ...services, industry experience and culture at weaver.com. Position Profile Weaver is looking for a Governance, Risk, and Compliance (GRC) Senior Associate to join our growing firm. This position is responsible for day-to-day project management of 1-6 concurrent... 
    Flexible hours

    Weaver

    Dallas, TX
    13 hours ago
  • In The News: Solifi Acquired DataScan on September 23, 2025: Solifi, a global leader in secured finance technology, today announced the acquisition of DataScan, a trusted North American leader in wholesale finance and inventory risk management. About DataScan: Headquartered...
    Work at office
    Local area
    Flexible hours
    Night shift

    Datascan Technologies, LLC

    Dallas, TX
    13 hours ago
  • Transportation Compliance Supervisor At OxyChem, our chemistry makes modern life possible, and it is our people who make the difference. We are a safety-first, purpose-driven team committed to innovation, environmental responsibility, and doing things the right way....
    Work at office
    Local area

    OxyChem

    Dallas, TX
    1 day ago
  • $119k - $145k

    If you are unable to complete this application due to a disability, contact this employer to ask for an accommodation or an alternative application process. Cyber Security Risk & Compliance Specialist Full Time TEXAS CORPORATE, Irving, TX, US 4 days ago Requisition ID:...
    Full time

    EFJohnson Technologies

    Irving, TX
    3 days ago
  • Sunflower Financial Inc. is seeking an Information Security Risk and Compliance Analyst for our Dallas, TX location. The role involves oversight activities, supporting risk management, and ensuring compliance with regulations. Ideal candidates have a Bachelor's degree,... 

    Sunflower Financial Inc.

    Dallas, TX
    4 days ago
  • $79k - $95k

     ...Description The Fraud Risk Sr Analyst is accountable for monitoring and developing fraud risk strategies for Citizens Consumer Debit & ATM Card accounts with a focus on IT tools and systems to monitor and mitigate fraud. The Fraud Risk Sr Analyst will take the lead in... 
    Work experience placement
    Work at office
    Local area
    Monday to Friday
    Flexible hours

    Citizens

    Irving, TX
    20 hours ago
  • $92.5k - $120k

    Ranked among the largest accounting and consulting firms in the country and consistently recognized as a Great Place to Work ( Cherry Bekaert delivers innovative advisory, assurance and tax services to our clients. At Cherry Bekaert we create shared success through teamwork...
    Work experience placement
    Work at office
    Local area
    Remote work

    Cherry Bekaert

    Dallas, TX
    2 days ago
  • $105.4k - $124k

     ...Fraud Risk Analyst 4 At U.S. Bank, we're on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our... 
    Temporary work
    Work experience placement
    Work at office
    Local area
    Shift work
    3 days per week

    U.S. Bancorp

    Irving, TX
    2 days ago
  •  ...Job Description Job Description Position: Risk / Fraud Analyst Reports To: Director of Risk Direct Reports: None Description Summary: Under general supervision, the risk analyst position is an individual contributor to a department responsible for the... 
    Work at office
    Immediate start
    Weekend work

    SignaPay

    Irving, TX
    3 days ago
  •  ...We operate exclusively in Texas' major markets: Dallas-Fort Worth, Austin, Houston, and San Antonio. Weitzman is seeking a Risk Analyst to join its corporate office in the Uptown area of Dallas. The Risk Analyst administers critical elements of insurance programs... 
    Contract work
    Work at office
    Flexible hours

    Weitzman

    Dallas, TX
    3 days ago
  •  ...to support the evolution of our corporate Information Security GRC team. A specific focus will be on defining processes and implementing...  ...or have equivalent experience A Day In The Life Of a Risk Analyst: Working with a focus to level-up Information Security... 
    For contractors
    Flexible hours

    Crunchyroll

    Dallas, TX
    13 hours ago
  •  ...and connect people to what matters. This position will be posted until filled. Responsibilities About the role Risk Analyst II - Credit Risk Analytics is responsible for analyzing credit risk exposure related to consumer and commercial loan and lease acquisition... 
    Work experience placement
    Work at office
    Visa sponsorship
    Flexible hours
    2 days per week

    GM Financial

    Irving, TX
    1 day ago
  •  .... About the Role We are building and scaling a high-performance consumer lending platform and are looking for a Fraud Risk Analyst to help protect the business from identity fraud, first-party fraud, and credit abuse. This role sits at the intersection of fraud,... 
    Work at office
    Visa sponsorship

    Braviant Holdings

    Dallas, TX
    3 days ago
  • $95k - $110k

     ...Overview Role: Risk Analyst – Dallas. Who: A growing auto finance company building out its credit risk team. What: Analyze and forecast repossessions, origination risks, servicing exposure, and overall credit performance. When: Newly created position due to organizational... 
    Work at office

    Staff Financial Group

    Dallas, TX
    4 days ago
  •  ...Risk Analyst Dallas, TX The Risk Analyst will support clients and executive/market leadership by implementing insurance solutions for the organization. Successful implementation is based on a deep understanding of the business model of the organization, a clear understanding... 

    Lincoln Property Company

    Dallas, TX
    4 days ago
  • A multinational consulting firm is seeking a Senior Consultant in Risk Technology to deliver integrated risk management solutions using platforms like ServiceNow. The ideal candidate will have strong project management skills, a degree in a relevant field, and relevant...

    Ernst & Young Oman

    Dallas, TX
    4 days ago
  • $75k - $137.5k

    Position Overview At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. This LOB Risk Specialist Senior role is within PNC's Corporate & Institutional...
    Temporary work
    Work experience placement

    PNC Financial Services Group

    Dallas, TX
    13 hours ago
  • $1,000 per month

     ...Senior Technology Risk Analyst The Senior Technology Risk Analyst is responsible for supporting the organization's risk governance direction...  ...and administration of the enterprise risk register within the GRC platform. Identify strengths and weaknesses in the risk and... 
    Casual work
    Work at office
    Weekend work
    Afternoon shift

    NewRez LLC

    Irving, TX
    2 days ago
  •  ...The Senior Risk Analyst: Lending & Card Services supports credit and fraud risk management across Populus Financial Group’s card services and consumer lending portfolios. This role focuses on model monitoring, underwriting policy execution, and portfolio analytics, partnering... 
    Full time
    Local area
    Monday to Friday
    Shift work
    Weekend work

    Populus Financial Group

    Irving, TX
    4 days ago
  • $100k - $179k

    About this role: Wells Fargo is seeking a Senior Risk Asset Review Specialist within Credit Risk as part of Corporate Risk. Learn more about the career areas and lines of business at wellsfargojobs.com ( . Credit Risk, which independently oversees the management ...
    Work experience placement
    Relocation package

    Wells Fargo

    Irving, TX
    2 days ago
  • Location: 8435 Stemmons Bldg. Primary Purpose The Senior Compliance Investigations Consultant is responsible for effectively carrying out investigations of internal and external reports of compliance-related allegations. MINIMUM SPECIFICATIONS Education ~ ...
    Work at office

    Parkland Health and Hospital System

    Dallas, TX
    1 day ago
  • Pinnacle Group, Inc. is seeking a Risk Specialist in Dallas, Texas, to develop and manage HR-related policies, compliance, and risk activities. This role is key for supporting governance in Human Resources and requires a solid background in risk and compliance. The ideal...

    Pinnacle Group, Inc.

    Dallas, TX
    3 days ago
  • $87.2k - $130.8k

    A telecommunications company in Dallas, Texas, is seeking a Sr Specialist Compliance Analyst. This role involves overseeing compliance programs, conducting risk assessments, and ensuring adherence to regulatory standards. Candidates should have a Bachelor's degree and at... 

    AT&T

    Dallas, TX
    3 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to GRC Analyst. Be the first to apply!

Related searches