GRC Analyst
Momentum
Overview Momentum is a respected collection of independent companies, including PMG, Koddi, Further. We serve as a premier global business transformation partner for over 125 of the Fortune 500 brands. With 1,400 global employees and $5B in media spend under management, we foster a fast-growing, values-driven, people-first environment where you can thrive. Our portfolio of companies partners with some of the world’s most iconic and ambitious brands. We combine scalability with a solutions-oriented approach to deliver fast-paced, innovative results for our customers while creating meaningful growth opportunities for our teams. If you are looking for opportunities to grow in your career and are passionate about being at the forefront of data and technology, and driving rapid innovation in the future of commerce, we would love to talk with you about joining Momentum. We believe that a culture of belonging, inclusion, and diversity is key to empowering our team members to thrive both personally and professionally. Living out our values is not just a goal; it\'s a daily practice! For more information, please visit The Opportunity We are hiring a Security GRC & Risk Analyst to own the governance, risk, and compliance execution layer across a holding company and portfolio of businesses. This is a build-oriented role with a defined scope: you will be the internal anchor for our SOC 2 Type II audit, NIST CSF remediation roadmap, security policy library, vendor risk program, and client-facing security questionnaires. You will work directly with the Cybersecurity Manager and a vCISO partner, collaborate with the Data Privacy legal team as a peer on overlapping policy areas, and engage regularly with portfolio company stakeholders. A dedicated internal Data Privacy legal team owns regulatory compliance - GDPR, CCPA, breach notification, and data subject rights. This role owns the technical controls layer: the evidence, the frameworks, the audit coordination, and the vendor risk program. Join us in this full-time role, based in our Dallas Office at the Link: 2601 Olive Street, Dallas, TX. Be part of a vibrant community where amazing people, data & insights, and perpetual innovation converge to shape the future of digital commerce! About This Role at Momentum What You'll Do SOC 2 & NIST CSF Program Own the internal SOC 2 Type II evidence collection process, keeping controls audit-ready year-round. Manage the audit timeline, day-to-day liaison with the external auditor, and remediation finding closure between cycles. Own the NIST CSF remediation roadmap: maintain the gap register, report progress to the VP and vCISO on a defined cadence, and coordinate with portfolio company IT teams to assess and close control gaps. Build and maintain a unified controls library mapping SOC 2 Trust Services Criteria, NIST CSF subcategories, and applicable regulatory requirements. Prepare the organization for bi-annual NIST CSF assessments, ensuring controls are documented and defensible. Security Policy & AI Governance Operationalize the enterprise-wide information security policy library across the corporate entity and portfolio companies. Inventory gaps against SOC 2, NIST CSF, and applicable regulations; draft, publish, and version-control policies in coordination with the vCISO. Build and maintain annual policy attestation workflows across all employees. Bridge with the Data Privacy legal team on overlapping areas: data classification, retention, and incident notification. Develop and maintain the AI governance framework: tool intake review, data handling risk assessment, and acceptable use policy. Evaluate AI tools proposed across the corporate entity and portfolio companies against security and compliance standards. Own AI-related policy documentation and track emerging regulatory requirements including the EU AI Act and NIST AI RMF. Build and maintain a risk register with risk-to-control mapping. Define and document formal risk tolerance and appetite in coordination with the vCISO and leadership. Own the third-party risk management program. Define and implement a tiered due diligence model (critical, high, medium, low) and conduct recurring reviews of critical service providers. Manage vendor risk assessments for tools under evaluation — SASE, CASB, DLP, AI governance tooling, and security platform consolidation. Coordinate with the Data Privacy legal team on vendors with material data processing obligations. Lead operationalization of the GRC platform (OneTrust) for centralized vendor inventory, risk scoring, and lifecycle management. Manage and respond to inbound security questionnaires from portfolio company clients (SIG, CAIQ, and custom formats). Build and maintain a response library to improve turnaround time and accuracy. Coordinate with the Cybersecurity Operations Engineer to validate technical control responses and keep answers current as the security stack evolves. Own ITGC audit controls across identity, endpoint, cloud, and SaaS platforms. Support internal audit responses and evidence requests beyond the annual SOC 2 cycle. BCP/DR & Security Awareness Own BCP/DR formalization: develop a business continuity charter, coordinate Business Impact Analysis across the corporate entity and portfolio companies, define RTO/RPO for critical operations, and ensure crisis management is embedded in the IR framework. Manage the KnowBe4 security awareness training program: campaign management, phishing simulations, completion tracking, and leadership reporting. Manage the security testing program as the organization transitions from annual to continuous autonomous pentesting. Own vendor relationships, track findings to remediation, and produce executive-ready reporting. Qualifications Required 5-7 years in GRC, security compliance, risk management, or a closely related security function. Hands-on experience owning or supporting a SOC 2 Type II audit: evidence collection, control mapping, and auditor coordination. Solid working knowledge of NIST CSF: gap assessments, control mapping, and remediation tracking. Demonstrated experience building or formalizing a security policy library, not just updating existing documents. Experience managing third-party and vendor risk assessments using a tiered risk model. Experience responding to client security questionnaires: SIG, CAIQ, or similar formats. Clear understanding of the boundary between GRC and legal/privacy functions. Proven ability to work alongside a legal team without blurring lanes. Strong written communication: you can translate technical controls into clear, accurate language for clients, auditors, and executives. Disciplined project management: you own timelines, follow up without being asked, and don\'t let things fall through. Active daily use of AI and automation. We operate at 100% internal AI adoption. Non-negotiable. Preferred Technical Experience GRC platforms: OneTrust, Drata, Vanta, Whistic, or similar. Security awareness platforms: KnowBe4 or equivalent. ITGC working knowledge across identity (Okta), SaaS (Google Workspace), cloud (AWS, GCP, Azure), and endpoint (CrowdStrike). BCP/DR frameworks: BIA methodology, RTO/RPO definition, and tabletop exercise facilitation. AI governance frameworks: NIST AI RMF or EU AI Act. Familiarity with CASB, DLP, or cloud security posture tooling from a compliance and documentation standpoint. Private equity, holding company, or multi-entity compliance environment experience strongly preferred. Commitment to Diversity and Inclusion at Momentum At Momentum, our commitment to change for the better is reflected in our dedication to fostering a culture of belonging, inclusion, and diversity. We recognize diversity and inclusion as key components of our company\'s success and growth. Recognizing the ongoing journey ahead, we are determined to make lasting impacts through the collective efforts of our Leadership team, People & Culture team, and every employee. Momentum is an equal opportunity employer, considering all qualified applicants regardless of characteristics protected by law. These include, but are not limited to, race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, color, ancestry, and Veteran status. We actively seek qualified applicants from diverse backgrounds, with no consideration of criminal histories, in alignment with applicable legal requirements. Should a reasonable accommodation be necessary for the application process and beyond, we are eager to review and provide reasonable accommodations as needed, in compliance with applicable laws. Total Rewards At Momentum, we prioritize the well-being of the whole individual. We are committed to supporting our people in every moment that matters on their journey with us! We are pleased to offer a comprehensive total rewards package designed to provide protection, peace of mind, and a focus on overall well-being while helping our people plan for the future. The base salary range for this position may vary based on location. Actual compensation will be determined by role, level, and location, considering additional factors such as job-related skills, experience, and relevant education or training. For roles eligible for remote work, the base salary is tailored to the designated work location. In addition to the base salary, candidates may be eligible to receive a discretionary annual bonus, determined based on both the company\'s business performance and individual contributions. The People & Culture team will provide specific details during the hiring process. We take pride in offering a comprehensive benefits package for our full-time employees, encompassing healthcare benefits, a 401(k) plan with an employer match, short-term and long-term disability coverage, life insurance, paid time off, parental leave, and various paid holidays, among other perks. Our workplace offers opportunities for involvement in a wide range of challenging and impactful projects, across diverse industries and business models, fostering career advancement and development within our growing organization. The culture is highly collaborative and supportive, contributing to a fulfilling professional journey. Note on Confidentiality Any personal data collected during the application process will be treated with the utmost confidentiality and privacy. Important note This refined job description excludes application process content and non-job-related statements while preserving the role’s responsibilities and qualifications. #J-18808-Ljbffr
- ...Glocomms is partnered with a leading IT and Cloud Computing firm seeking an Information Security Governance, Risk & Compliance (GRC) Analyst to support and enhance the organization's security governance, risk management, and compliance programs. This individual will play...SuggestedRemote workFlexible hours
$94k - $123.9k
...secure, compliant, and scalable SAP environment. Perform security and compliance assessments and support the ongoing evolution of the SAP GRC (Governance Risk Compliance) environment, ensuring risks are accurately identified, assessed, and mitigated. Ruleset Governance &...SuggestedTemporary work- Glocomms is hiring an Information Security Governance, Risk & Compliance (GRC) Analyst in Dallas, Texas. This role focuses on enhancing the organization's security governance and compliance programs. The ideal candidate will manage risk and compliance activities, conduct...SuggestedRemote jobFlexible hours
- Crunchyroll is seeking an experienced Risk Analyst to support our Information Security GRC team. This role emphasizes governance, risk, and compliance, ensuring technology evolution aligns with employee needs and strategic goals. Successful candidates will have over 8 years...SuggestedFlexible hours
- Lantern is seeking a Senior Risk & Governance Analyst for their GRC Team in Dallas, TX. The role focuses on risk register maintenance, AI risk governance, third-party risk management, and HIPAA compliance support. Ideal candidates should have a bachelor's degree in a relevant...SuggestedFlexible hours
- Dormont Manufacturing Co is seeking a Senior Risk & Governance Analyst to join our GRC team in Dallas, Texas. This hybrid role involves maintaining our risk register, advancing AI risk governance, and supporting HIPAA compliance programs. The ideal candidate will have at...
- Motion Recruitment is seeking an SAP GRC Analyst for a full-time hire in Richardson, Texas. The candidate will serve as a technical and functional bridge between IT and business partners to ensure a secure, compliant SAP environment. Responsibilities include optimizing...Full time
- ...SAP GRC Analyst / SAP Security Analyst Location: Monday - Friday - Onsite in Richardson, TX Position Overview We are seeking an experienced SAP GRC Analyst to serve as the critical link between IT and business stakeholders, ensuring a secure...Monday to Friday
- A global business transformation partner in Dallas is seeking a Security GRC & Risk Analyst. The role involves owning the governance, risk, and compliance processes across a diverse portfolio. Key responsibilities include managing the SOC 2 Type II audit and NIST CSF remediation...Full time
- Ellation, Inc. is seeking a Risk Analyst to enhance its corporate Information Security GRC team. The role focuses on defining processes and implementing technologies to support a comprehensive security program. You will partner across teams to ensure designed technologies...Flexible hours
- ...GRC Analyst Enterprise & Third Party Risk At Caris, we understand that cancer is an ugly worda word no one wants to hear, but one that connects us all. That's why we're not just transforming cancer carewe're changing lives. We introduced precision medicine to the...Contract workWork experience placementWork at officeWeekend workAfternoon shift
- ...services, industry experience and culture at weaver.com. Position Profile Weaver is looking for a Governance, Risk, and Compliance (GRC) Senior Associate to join our growing firm. This position is responsible for day-to-day project management of 1-6 concurrent...Flexible hours
- ...collaborative, and entrepreneurial workplace culture. Position: Senior Associate or Supervisor - Governance, Risk, and Compliance (GRC) Department Role Overview: The GRC team works with clients to make a more risk‑aware, effective organization that can deliver transformational...Flexible hours
$119k - $145k
If you are unable to complete this application due to a disability, contact this employer to ask for an accommodation or an alternative application process. Cyber Security Risk & Compliance Specialist Full Time TEXAS CORPORATE, Irving, TX, US 4 days ago Requisition ID:...Full time- A leading staffing agency in Dallas is seeking a Risk Advisor to join a Commercial Bank's Direct Lending team. The role focuses on ensuring compliance with internal policies and regulations, particularly the Truth in Lending Act. Candidates must have at least five years...Full time
- Sunflower Bank, N.A. seeks an Information Security Risk and Compliance Analyst in Dallas, TX to support the enterprise's second-line risk & compliance function. This role conducts control oversight, vendor due diligence, and evidence validation to ensure accurate risk reporting...
- Sunflower Financial Inc. is seeking an Information Security Risk and Compliance Analyst for our Dallas, TX location. The role involves oversight activities, supporting risk management, and ensuring compliance with regulations. Ideal candidates have a Bachelor's degree,...
$95k - $110k
...Overview Role: Risk Analyst – Dallas. Who: A growing auto finance company building out its credit risk team. What: Analyze and forecast repossessions, origination risks, servicing exposure, and overall credit performance. When: Newly created position due to organizational...Work at office$120k - $160k
The Risk Officer is responsible for a wide variety of supervisory, compliance, and risk functions. In conjunction with the Senior Risk Officer, the Risk Officer has accountability for maintaining a consistent controlled environment through adherence of business ethics ...Temporary workLocal area- ...robust risk mitigation environment that aids in the growth processes and ensures adherence to policies. The Risk and Compliance Sr. Analyst evaluates and ensures that an organization's operations and procedures meet compliance standards. Responsibilities This job works...Work experience placement
- Sunflower Bank, N.A. in Dallas, TX is seeking a full-time Information Security Risk and Compliance Analyst to oversee second line control activities, ensure compliance with industry regulations, and manage risks effectively. The ideal candidate has a Bachelor’s degree and...Full time
- ...The Risk Analyst will support clients and executive/market leadership by implementing insurance solutions for the organization. Successful implementation is based on a deep understanding of the business model of the organization, a clear understanding of risk strategies...
- ...to support the evolution of our corporate Information Security GRC team. A specific focus will be on defining processes and implementing... ..., or have equivalent experience A Day In The Life Of a Risk Analyst Working with a focus to level‑up Information Security GRC at Crunchyroll...For contractorsFlexible hours
- ...services. We operate exclusively in Texas’ major markets: Dallas-Fort Worth, Austin, Houston, and San Antonio. Weitzman is seeking a Risk Analyst to join its corporate office in the Uptown area of Dallas. The Risk Analyst administers critical elements of insurance programs...Contract workWork at officeFlexible hours
$75k - $137.5k
Position Overview At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. This LOB Risk Specialist Senior role is within PNC's Corporate & Institutional...Temporary workWork experience placement- ...Banker. Position Summary We are building and scaling a high‑performance consumer lending platform and are looking for a Fraud Risk Analyst to help protect the business from identity fraud, first‑party fraud, and credit abuse. This role sits at the intersection of fraud,...Work at officeRemote work
$79k - $95k
...Description The Fraud Risk Sr Analyst is accountable for monitoring and developing fraud risk strategies for Citizens Consumer Debit & ATM Card accounts with a focus on IT tools and systems to monitor and mitigate fraud. The Fraud Risk Sr Analyst will take the lead in...Work experience placementWork at officeLocal areaMonday to FridayFlexible hours- ...Braviant Holdings is seeking a Fraud Risk Analyst to join their team. This fully remote role involves analyzing fraud patterns, developing detection strategies, and collaborating with multiple teams to enhance portfolio quality. Ideal candidates have a degree in a related...Remote work
$75k - $137.5k
Position Overview At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all...Full timeTemporary workPart timeWork experience placementWork at office- Interim Chief Regulatory & Chief Compliance Officer (CCO) About the Company A new CFTC-regulated exchange offering a novel type of security futures. Industry Capital Markets Type Privately Held About the Role The Company is in need of an Interim ...Permanent employmentTemporary workInterim roleRemote work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to GRC Analyst. Be the first to apply!

