GRC Analyst

GRC Analyst Job Description Template

Our company is looking for a GRC Analyst to join our team.

Responsibilities:
  • Interface with IT units and business partners to provide guidance and support;
  • Perform security and compliance assessments on new and existing systems, processes, technology;
  • Work with various business units to ensure controls are adequate, appropriate, and effective;
  • Collaborate to define IT security standards and develop supporting organizational policies;
  • Perform business impact analysis and assist with development of IT/InfoSec risk register;
  • Perform periodic gap assessments to validate compliance on an ongoing basis;
  • Support the vendor due-diligence process and help to lead and define overall third-party risk management efforts;
  • Support internal and external audit process for relevant compliance;
  • Coordinate and participate in disaster recovery and business continuity planning;
  • Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.

Requirements:
  • Bachelor’s degree or equivalent combination of education and experience;
  • Experience with IT GRC platforms;
  • Experience with IT governance, risk, and compliance management in a complex global environment;
  • Ability to excel in a fast-paced and rapidly changing environment;
  • Familiarity with ISMS and security frameworks, particularly ISO 27001/27002 and NIST RMF;
  • Strong understanding of fundamental information security concepts and technology;
  • Industry certifications such as CISSP or CISA are strongly preferred;
  • Significant experience with legal and regulatory compliance standards such as the NYDFS Cybersecurity Regulation, GDPR, etc.;
  • Strong work ethic with attention to detail;
  • Excellent oral and written communication skills.