GRC Analyst III

Insight Global is seeking a Senior GRC Analyst to sit on site in San Antonio, Texas. As the Senior GRC Analyst, you will be responsible for leading enterprise governance, risk, and compliance (GRC) initiatives to ensure regulatory alignment, enables riskinformed decisionmaking, and integrates security controls across business and technology operations. This position serves as a key advisor and liaison among cybersecurity, legal, audit, and executive leadership.
- Develop, maintain, and enforce enterprise cybersecurity policies, standards, and procedures
- Establish and manage control frameworks, control matrices, and compliance mappings
- Lead enterprisewide cyber risk assessments, including business systems, cloud environments, and thirdparty vendors
- Identify, analyze, prioritize, and document risks using qualitative and quantitative methods
- Maintain the enterprise risk register and provide riskbased recommendations to leadership
- Serve as the primary liaison for internal and external audits, regulators, and assessors
- Lead audit readiness efforts, including evidence collection, control testing, documentation, and remediation tracking
- Oversee implementation and effectiveness of security controls across IT, cloud, and business systems
- Validate control performance through continuous monitoring, testing, metrics, and reporting
- Partner with engineering, SOC, and IT teams to operationalize and measure security controls
- Conduct vendor risk assessments and evaluate thirdparty compliance with contractual and regulatory requirements
- Recommend risk mitigation strategies, contractual safeguards, and security requirements
- Lead security awareness and training initiatives
- Drive continuous improvement of the GRC program
- Mentor junior analysts and provide guidance to leadership

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to View email address on click.appcast.io learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:


Required Skills & Experience
- Bachelor's degree in cybersecurity, information assurance, or related
- 6+ years of experience within cybersecurity, risk management, or compliance
- Proven knowledge of cybersecurity and compliance frameworks such as NIST SP 80053, CJIS, HIPAA, and PCIDSS
- Experience developing and maintaining enterprise security policies, standards, and control frameworks
- Proven ability to conduct enterprise cyber risk assessments across onprem, cloud, and thirdparty environments
- Demonstrated experience supporting or leading internal and external audits, including regulator and thirdparty assessments
- Ability to translate regulatory and compliance requirements into actionable technical and operational controls
- Experience managing risk registers, risk acceptance, and exception processes
- Strong communication skills with the ability to present risk and compliance findings to executive leadership


Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.