Senior GRC Analyst

Senior GRC Analyst | Deltek, Inc

Deltek is the intelligent, industry-tuned platform that powers the project lifecycle – from ERP and accounting to delivery and analysis. Trusted by 30,000 organizations, Deltek delivers speed, clarity, and control. Deltek brings everything project-based businesses need into one unified platform. Built on our Deltek Native Architecture (DNA) – the secure engine for data, compliance, and control – it connects every stage of the project lifecycle seamlessly. Modular, cloud-based, and powered by AI, Deltek helps teams work smarter, make faster decisions, and deliver with confidence. Every capability in the Deltek platform is shaped by deep industry knowledge and refined through decades of helping organizations win, plan, execute, and analyze their most critical work. Unified by a single data model and orchestrated intelligently, Deltek ensures information flows seamlessly across the project lifecycle. With built-in governance, control, and insight, it creates a connected ecosystem for confident delivery.

Position Responsibilities

You will be part of the GRC team responsible for assessment, audits of cloud environments, information systems, risk management, and security tools to ensure adherence to applicable frameworks, laws, and regulations. As a Senior GRC Analyst, you will help maintain audit readiness and customer trust by ensuring our SaaS/cloud controls are well-documented, measurable, and aligned to applicable frameworks and regulatory expectations. Our goal is to help customers deliver successful projects with strong financial visibility, risk management, and on-time delivery—supported by secure, compliant products. Priorities: (1) Audit readiness and evidence delivery, (2) Control documentation, continuous monitoring, and (3) Risk/PoA&M reporting, assigned deliverables end-to-end and coordinating inputs from Engineering, Product, and IT. Core Role Requirements

• As a senior analyst: lead cloud SaaS applications through various audit frameworks and assessments such as SOC 1, SOC 2, NIST 800-53, NIST 800-171, CMMC, ISO, FedRAMP, PCI DSS, CIS, CSA CSM, or other information security regulations.
• Lead and/or support end-to-end audit engagements (internal and external), including scoping, evidence requests, control testing, issue tracking, and final report support.
• Assess and communicate administrative, technical, and security controls across major cloud platforms, including Oracle Cloud Infrastructure (OCI), Amazon Web Services (AWS), and Microsoft Azure.
• Demonstrate the ability to apply project management practices to plan, track, and deliver security assessments, including hands-on use of Jira for epics/stories, backlog grooming, and stakeholder reporting.
• Use automation and AI responsibly to streamline evidence collection, control mapping, and recurring reporting while maintaining appropriate human review.

Reporting & Continuous Improvement

• Define, build, and maintain recurring GRC metrics and dashboards (monthly/quarterly), and present trends, risks, and remediation status to senior leadership.
• Draft, maintain, and socialize security policies/standards and System Security Plans (SSPs), including control narratives, implementation details, and evidence references.
• Communicate clearly with engineering, product, and auditors, and produce high-quality audit deliverables (e.g., narratives, evidence packages, and status reporting).
• Manage risk register items and PoA&Ms end-to-end—identify control gaps, partner with stakeholders on remediation plans, and track progress through continuous monitoring.

Program Ownership & Documentation

• Own (or serve as backup owner for) key GRC programs by maintaining procedures, SLAs, and artifacts for audits and customer requests (e.g., policy management and security due diligence questionnaires to support RFIs and RFPs).
• Actively participate in initiatives aimed at enhancing team processes and procedures.
• Help maintain and curate annual compliance training content and improve training process.
• Interpret control requirements and regulatory obligations accurately, and translate them into clear, testable expectations for technical teams.
• Participate in incident response reviews and RCAs by documenting control failures, corrective actions, and follow-up evidence for closure.

Qualifications

Technical Requirements Senior-level expectation includes independently leading audit workstreams, driving stakeholder follow-through, and owning evidence/control documentation through completion (years of experience are a guideline, but demonstrated scope and impact are key).

• B.S. degree (Information Security, Computer Science, MIS, or equivalent program preferred) from an accredited college/university or equivalent experience.
• Demonstrated experience supporting audits and compliance work across common frameworks (see framework list above), with demonstrated evidence collection, control testing, and remediation tracking.
• Relevant combined experience with implementing and/or assessing: IT audit, IT risk management, Cloud security and compliance, internal audit function, Information Technology General Controls (ITGC), Information security operations.
• Experience supporting government-related compliance efforts (e.g., FedRAMP- or DoD-aligned expectations) within cloud environments, including evidence packaging and stakeholder coordination.

Core Competencies

• Works independently, exercises good judgment, and seeks guidance as needed.
• Manages time effectively across multiple priorities and concurrent projects.
• Demonstrates strong analytical and critical-thinking skills with solid business and technical acumen.
• Collaborates effectively with diverse stakeholders, leveraging clear written & verbal communication.
• Thrives in a fast-paced, collaborative environment and contributes to shared outcomes.
• Follows directions from senior staff and supports peers to deliver high-quality, time-bound work.
• Continuously learns through structured, on-the-job, and self-directed development.

Preferences

• Hold (or be actively pursuing) relevant certifications such as CISA, CISSP, CCSK/CCAK, or major cloud security certifications (Azure/AWS/GCP), with active status preferred.
• Demonstrable FedRAMP, ISO and SOC Security Framework experience desired.
• Experience with effective AI usage, data analysis, report preparation, automation, and templating of repeat processes.