Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

GRC Analyst

Momentum

Momentum is a respected collection of independent companies, including PMG, Koddi, Further. We serve as a premier global business transformation partner for over 125 of the Fortune 500 brands. With 1,400 global employees and $5B in media spend under management, we foster a fast-growing, values-driven, people-first environment where you can thrive.

Our portfolio of companies partners with some of the world's most iconic and ambitious brands. We combine scalability with a solutions-oriented approach to deliver fast-paced, innovative results for our customers while creating meaningful growth opportunities for our teams.

If you are looking for opportunities to grow in your career and are passionate about being at the forefront of data and technology, and driving rapid innovation in the future of commerce, we would love to talk with you about joining Momentum.

We believe that a culture of belonging, inclusion, and diversity is key to empowering our team members to thrive both personally and professionally. Living out our values is not just a goal; it's a daily practice! For more information, please visit

The Opportunity


We are hiring a Security GRC & Risk Analyst to own the governance, risk, and compliance execution layer across a holding company and portfolio of businesses. This is a build-oriented role with a defined scope: you will be the internal anchor for our SOC 2 Type II audit, NIST CSF remediation roadmap, security policy library, vendor risk program, and client-facing security questionnaires.

You will work directly with the Cybersecurity Manager and a vCISO partner, collaborate with the Data Privacy legal team as a peer on overlapping policy areas, and engage regularly with portfolio company stakeholders. A dedicated internal Data Privacy legal team owns regulatory compliance - GDPR, CCPA, breach notification, and data subject rights. This role owns the technical controls layer: the evidence, the frameworks, the audit coordination, and the vendor risk program.

Join us in this full-time role, based in our Dallas Office at the Link: 2601 Olive Street, Dallas, TX. Be part of a vibrant community where amazing people, data & insights, and perpetual innovation converge to shape the future of digital commerce!

About This Role at Momentum

What You'll Do

SOC 2 & NIST CSF Program
  • Own the internal SOC 2 Type II evidence collection process, keeping controls audit-ready year-round. Manage the audit timeline, day-to-day liaison with the external auditor, and remediation finding closure between cycles.
  • Own the NIST CSF remediation roadmap: maintain the gap register, report progress to the VP and vCISO on a defined cadence, and coordinate with portfolio company IT teams to assess and close control gaps.
  • Build and maintain a unified controls library mapping SOC 2 Trust Services Criteria, NIST CSF subcategories, and applicable regulatory requirements.
  • Prepare the organization for bi-annual NIST CSF assessments, ensuring controls are documented and defensible.
Security Policy & AI Governance
  • Operationalize the enterprise-wide information security policy library across the corporate entity and portfolio companies. Inventory gaps against SOC 2, NIST CSF, and applicable regulations; draft, publish, and version-control policies in coordination with the vCISO.
  • Build and maintain annual policy attestation workflows across all employees. Bridge with the Data Privacy legal team on overlapping areas: data classification, retention, and incident notification.
  • Develop and maintain the AI governance framework: tool intake review, data handling risk assessment, and acceptable use policy. Evaluate AI tools proposed across the corporate entity and portfolio companies against security and compliance standards.
  • Own AI-related policy documentation and track emerging regulatory requirements including the EU AI Act and NIST AI RMF.
Risk Management & Vendor Risk
  • Build and maintain a risk register with risk-to-control mapping. Define and document formal risk tolerance and appetite in coordination with the vCISO and leadership.
  • Own the third-party risk management program. Define and implement a tiered due diligence model (critical, high, medium, low) and conduct recurring reviews of critical service providers.
  • Manage vendor risk assessments for tools under evaluation - SASE, CASB, DLP, AI governance tooling, and security platform consolidation. Coordinate with the Data Privacy legal team on vendors with material data processing obligations.
  • Lead operationalization of the GRC platform (OneTrust) for centralized vendor inventory, risk scoring, and lifecycle management.
Client Questionnaires & Audit Support
  • Manage and respond to inbound security questionnaires from portfolio company clients (SIG, CAIQ, and custom formats). Build and maintain a response library to improve turnaround time and accuracy.
  • Coordinate with the Cybersecurity Operations Engineer to validate technical control responses and keep answers current as the security stack evolves.
  • Own ITGC audit controls across identity, endpoint, cloud, and SaaS platforms. Support internal audit responses and evidence requests beyond the annual SOC 2 cycle.
BCP/DR & Security Awareness
  • Own BCP/DR formalization: develop a business continuity charter, coordinate Business Impact Analysis across the corporate entity and portfolio companies, define RTO/RPO for critical operations, and ensure crisis management is embedded in the IR framework.
  • Manage the KnowBe4 security awareness training program: campaign management, phishing simulations, completion tracking, and leadership reporting.
  • Manage the security testing program as the organization transitions from annual to continuous autonomous pentesting. Own vendor relationships, track findings to remediation, and produce executive-ready reporting.
Qualifications

Required
  • 5-7 years in GRC, security compliance, risk management, or a closely related security function.
  • Hands-on experience owning or supporting a SOC 2 Type II audit: evidence collection, control mapping, and auditor coordination.
  • Solid working knowledge of NIST CSF: gap assessments, control mapping, and remediation tracking.
  • Demonstrated experience building or formalizing a security policy library, not just updating existing documents.
  • Experience managing third-party and vendor risk assessments using a tiered risk model.
  • Experience responding to client security questionnaires: SIG, CAIQ, or similar formats.
  • Clear understanding of the boundary between GRC and legal/privacy functions. Proven ability to work alongside a legal team without blurring lanes.
  • Strong written communication: you can translate technical controls into clear, accurate language for clients, auditors, and executives.
  • Disciplined project management: you own timelines, follow up without being asked, and don't let things fall through.
  • Active daily use of AI and automation. We operate at 100% internal AI adoption. Non-negotiable.
Preferred Technical Experience
  • GRC platforms: OneTrust, Drata, Vanta, Whistic, or similar.
  • Security awareness platforms: KnowBe4 or equivalent.
  • ITGC working knowledge across identity (Okta), SaaS (Google Workspace), cloud (AWS, GCP, Azure), and endpoint (CrowdStrike).
  • BCP/DR frameworks: BIA methodology, RTO/RPO definition, and tabletop exercise facilitation.
  • AI governance frameworks: NIST AI RMF or EU AI Act.
  • Familiarity with CASB, DLP, or cloud security posture tooling from a compliance and documentation standpoint.
  • Private equity, holding company, or multi-entity compliance environment experience strongly preferred.

Commitment to Diversity and Inclusion at Momentum

At Momentum, our commitment to change for the better is reflected in our dedication to fostering a culture of belonging, inclusion, and diversity. We recognize diversity and inclusion as key components of our company's success and growth. Recognizing the ongoing journey ahead, we are determined to make lasting impacts through the collective efforts of our Leadership team, People & Culture team, and every employee.

Momentum is an equal opportunity employer, considering all qualified applicants regardless of characteristics protected by law. These include, but are not limited to, race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, color, ancestry, and Veteran status. We actively seek qualified applicants from diverse backgrounds, with no consideration of criminal histories, in alignment with applicable legal requirements.

Should a reasonable accommodation be necessary for the application process and beyond, we are eager to review and provide reasonable accommodations as needed, in compliance with applicable laws.

Total Rewards

At Momentum, we prioritize the well-being of the whole individual. We are committed to supporting our people in every moment that matters on their journey with us! We are pleased to offer a comprehensive total rewards package designed to provide protection, peace of mind, and a focus on overall well-being while helping our people plan for the future.

The base salary range for this position may vary based on location. Actual compensation will be determined by role, level, and location, considering additional factors such as job-related skills, experience, and relevant education or training. For roles eligible for remote work, the base salary is tailored to the designated work location. In addition to the base salary, candidates may be eligible to receive a discretionary annual bonus, determined based on both the company's business performance and individual contributions. The People & Culture team will provide specific details during the hiring process.

We take pride in offering a comprehensive benefits package for our full-time employees, encompassing healthcare benefits, a 401(k) plan with an employer match, short-term and long-term disability coverage, life insurance, paid time off, parental leave, and various paid holidays, among other perks.

Our workplace offers opportunities for involvement in a wide range of challenging and impactful projects, across diverse industries and business models, fostering career advancement and development within our growing organization. The culture is highly collaborative and supportive, contributing to a fulfilling professional journey.

Note on Confidentiality

Any personal data collected during the application process will be treated with the utmost confidentiality and privacy.
Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the GRC Analyst in Dallas, TX vacancy
  •  ...Governance, Risk & Compliance (GRC) Analyst (AI Training) About the Role We're partnering with the world's leading AI research labs to build smarter, more trustworthy AI - and we need practitioners who know how GRC actually works in the real world. Your expertise... 
    Suggested
    Hourly pay
    Ongoing contract
    Contract work
    Freelance
    Remote work
    Flexible hours

    Alignerr

    Dallas, TX
    3 days ago
  • $94k - $123.9k

     ...secure, compliant, and scalable SAP environment. Perform security and compliance assessments and support the ongoing evolution of the SAP GRC (Governance Risk Compliance) environment, ensuring risks are accurately identified, assessed, and mitigated. Ruleset Governance &... 
    Suggested
    Temporary work

    Lennox

    Richardson, TX
    15 hours ago
  •  ...GRC Analyst Enterprise & Third Party Risk At Caris, we understand that cancer is an ugly worda word no one wants to hear, but one that connects us all. That's why we're not just transforming cancer carewe're changing lives. We introduced precision medicine to the... 
    Suggested
    Contract work
    Work experience placement
    Work at office
    Weekend work
    Afternoon shift

    Caris Life Sciences

    Irving, TX
    1 day ago
  •  ...staffing agency based in Dallas, Texas is seeking a Senior Security Analyst to identify and mitigate security risks within the IT...  ...Information Security or IT and at least 3 years of experience in GRC/risk management. Competitive compensation and benefits offered.... 
    Suggested

    Liberty Personnel Services, Inc.

    Dallas, TX
    3 days ago
  • Crunchyroll is seeking an experienced Risk Analyst to support our Information Security GRC team. This role emphasizes governance, risk, and compliance, ensuring technology evolution aligns with employee needs and strategic goals. Successful candidates will have over 8 years... 
    Suggested
    Flexible hours

    Crunchyroll

    Dallas, TX
    2 days ago
  • Ellation, Inc. is seeking a Risk Analyst to enhance its corporate Information Security GRC team. The role focuses on defining processes and implementing technologies to support a comprehensive security program. You will partner across teams to ensure designed technologies... 
    Flexible hours

    Ellation

    Dallas, TX
    2 days ago
  •  ...services, industry experience and culture at weaver.com. Position Profile Weaver is looking for a Governance, Risk, and Compliance (GRC) Senior Associate to join our growing firm. This position is responsible for day-to-day project management of 1-6 concurrent... 
    Flexible hours

    Weaver

    Dallas, TX
    1 day ago
  •  ...to learn more.Risk and Compliance Analyst page is loaded## Risk and Compliance Analystlocations: Richardson, TXtime type: Full timeposted...  .../data hygiene and data management routines of a risk management GRC system is required, and specific experience with the Archer GRC... 
    Work at office
    Immediate start
    Day shift

    Texas Capital Bank

    Richardson, TX
    4 days ago
  • $119k - $145k

    If you are unable to complete this application due to a disability, contact this employer to ask for an accommodation or an alternative application process. Cyber Security Risk & Compliance Specialist Full Time TEXAS CORPORATE, Irving, TX, US 4 days ago Requisition ID:...
    Full time

    EFJohnson Technologies

    Irving, TX
    4 days ago
  •  ...Risk Management Sr. Analyst The Risk Management function is the Bank's 2LOD (second line of defense) is responsible for identifying, assessing, and mitigating risk for the entirety of the firm through the evaluation and establishment of risk management procedures and... 
    Work experience placement

    Texas Capital Bank

    Richardson, TX
    3 days ago
  • $79k - $95k

     ...Description The Fraud Risk Sr Analyst is accountable for monitoring and developing fraud risk strategies for Citizens Consumer Debit & ATM Card accounts with a focus on IT tools and systems to monitor and mitigate fraud. The Fraud Risk Sr Analyst will take the lead... 
    Work experience placement
    Work at office
    Local area
    Monday to Friday
    Flexible hours

    Citizens

    Irving, TX
    3 days ago
  • Sunflower Bank, N.A. in Dallas, TX is seeking a full-time Information Security Risk and Compliance Analyst to oversee second line control activities, ensure compliance with industry regulations, and manage risks effectively. The ideal candidate has a Bachelor’s degree and... 
    Full time

    Sunflower Bank, N.A.

    Dallas, TX
    1 day ago
  • Sunflower Bank, N.A. seeks an Information Security Risk and Compliance Analyst in Dallas, TX to support the enterprise's second-line risk & compliance function. This role conducts control oversight, vendor due diligence, and evidence validation to ensure accurate risk reporting... 

    Sunflower Bank Mortgage Lending

    Dallas, TX
    2 days ago
  • Sunflower Financial Inc. is seeking an Information Security Risk and Compliance Analyst for our Dallas, TX location. The role involves oversight activities, supporting risk management, and ensuring compliance with regulations. Ideal candidates have a Bachelor's degree,... 

    Sunflower Financial Inc.

    Dallas, TX
    15 hours ago
  • Interim Chief Regulatory & Chief Compliance Officer (CCO) About the Company A new CFTC-regulated exchange offering a novel type of security futures. Industry Capital Markets Type Privately Held About the Role The Company is in need of an Interim ...
    Permanent employment
    Temporary work
    Interim role
    Remote work

    Confidential

    Dallas, TX
    1 day ago
  •  ...team, please visit us at Overview of the Position Texas Capital Bank is seeking an experienced AI Integration Senior Analyst to join the Risk and Compliance group. This role is focused on designing, building, and deploying sophisticated AI agents using the... 
    Immediate start
    Day shift

    Texas Capital Bank

    Richardson, TX
    4 hours ago
  • In The News: Solifi Acquired DataScan on September 23, 2025: Solifi, a global leader in secured finance technology, today announced the acquisition of DataScan, a trusted North American leader in wholesale finance and inventory risk management. About DataScan: Headquartered...
    Work at office
    Local area
    Flexible hours
    Night shift

    DataScan

    Mesquite, TX
    3 days ago
  • $75k - $137.5k

    Position Overview At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. This LOB Risk Specialist Senior role is within PNC's Corporate & Institutional...
    Temporary work
    Work experience placement

    PNC Financial Services Group

    Dallas, TX
    1 day ago
  • $43k - $44.63k

    About DataScan by Solifi: Headquartered in Alpharetta, Georgia, DataScan stands at the forefront of delivering cutting-edge wholesale asset financing and inventory risk management solutions. Our commitment lies in empowering lenders to efficiently oversee their operations...
    Temporary work
    Live in
    Flexible hours
    Night shift

    DataScan

    Dallas, TX
    2 days ago
  • $75k - $137.5k

    Position Overview At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all...
    Full time
    Temporary work
    Part time
    Work experience placement
    Work at office

    PNC

    Dallas, TX
    15 hours ago
  • Location: 8435 Stemmons Bldg. Primary Purpose The Senior Compliance Investigations Consultant is responsible for effectively carrying out investigations of internal and external reports of compliance-related allegations. MINIMUM SPECIFICATIONS Education ~ ...
    Work at office

    Parkland Health and Hospital System

    Dallas, TX
    12 hours ago
  • $114.72k - $172.08k

    Compliance Risk Management Officer Serves as a compliance risk officer for Independent Compliance Risk Management (ICRM) responsible for establishing internal strategies, policies, procedures, processes, and programs to prevent violations of law, rule, or regulation...
    Full time
    Flexible hours

    Citigroup

    Irving, TX
    2 days ago
  • Pinnacle Group, Inc. is seeking a Risk Specialist in Dallas, Texas, to develop and manage HR-related policies, compliance, and risk activities. This role is key for supporting governance in Human Resources and requires a solid background in risk and compliance. The ideal...

    Pinnacle Group, Inc.

    Dallas, TX
    4 days ago
  • $87.2k - $130.8k

    A telecommunications company in Dallas, Texas, is seeking a Sr Specialist Compliance Analyst. This role involves overseeing compliance programs, conducting risk assessments, and ensuring adherence to regulatory standards. Candidates should have a Bachelor's degree and at... 

    AT&T

    Dallas, TX
    4 days ago
  • Goldman Sachs Group, Inc. in Dallas, Texas, is hiring an Associate for Regulatory Reporting. The role entails preparing and submitting regulatory reports, ensuring compliance with regulations, and analyzing datasets for accuracy and efficiency. Qualified candidates should...

    Goldman Sachs Group, Inc.

    Dallas, TX
    4 days ago
  •  ...to support the evolution of our corporate Information Security GRC team. A specific focus will be on defining processes and implementing...  ..., or have equivalent experience A Day In The Life Of a Risk Analyst Working with a focus to level‑up Information Security GRC at Crunchyroll... 
    For contractors
    Flexible hours

    Dormont Manufacturing Company

    Dallas, TX
    4 days ago
  • $95k - $110k

     ...Overview Role: Risk Analyst – Dallas. Who: A growing auto finance company building out its credit risk team. What: Analyze and forecast repossessions, origination risks, servicing exposure, and overall credit performance. When: Newly created position due to organizational... 
    Work at office

    Staff Financial Group

    Dallas, TX
    15 hours ago
  •  ...Risk Analyst Dallas, TX The Risk Analyst will support clients and executive/market leadership by implementing insurance solutions for the organization. Successful implementation is based on a deep understanding of the business model of the organization, a clear understanding... 

    Lincoln Property Company

    Dallas, TX
    15 hours ago
  • Job Summary The Director, Customs Compliance – Americas is responsible for the strategic leadership, governance, and operational oversight of the customs compliance program across all business units in the Americas. This role ensures full compliance with applicable customs...
    Local area
    Remote work

    FLIR Systems

    Garland, TX
    15 hours ago
  • ABOUT THIS ROLE Apex Fintech Solutions is seeking a dynamic and effective Manager of Regulatory Compliance to lead and manage a team responsible for addressing regulatory inquiries, firm examinations, and rule interpretations both internally and externally. This position...
    Work at office
    Work from home

    Apex Fintech Solutions LLC

    Dallas, TX
    15 hours ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to GRC Analyst. Be the first to apply!

Related searches