×
Register Here to Apply for Jobs or Post Jobs. X

Sr. GRC Analyst

Job in Albuquerque, Bernalillo County, New Mexico, 87101, USA
Listing for: Subsplash
Full Time position
Listed on 2026-07-08
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 95000 - 105000 USD Yearly USD 95000.00 105000.00 YEAR
Job Description & How to Apply Below

Subsplash is an award‑winning team of 280+ mission‑driven people committed to humility, innovation, and excellence. Founded in 2005, we pioneered the first church mobile app and now build The Ultimate Engagement Platform™ for churches, Christian ministries, non‑profits, and businesses worldwide, serving 14,000+ clients and millions of users daily.

About the Team

The IT Team maintains all activities and services that support business functions, ensuring proper security across all IT systems. We deliver robust day‑to‑day technical support and handle essential functions such as access management, user provisioning and deprovisioning, new hardware and software setup, and budget‑controlled subscription spend.

About the Role

The Senior GRC Analyst acts as a strategic lead to advance security and risk operations. You will integrate people, policy, and technology to drive operational excellence and framework maturity, identify security gaps, implement best practices, and mature our control environment. We are building an AI‑first compliance function, and this role will lead the deployment of AI tools that scale our GRC program.

Compensation
  • The total compensation for this position is between $95,000–$105,000/yr, depending on experience level.
Essential Functions of This Role Compliance Program Management & Audit Leadership
  • Audit Execution:
    Act as the primary point of contact for external auditors; lead the end‑to‑end execution of PCI DSS audits and support internal audit on IT SOX controls.
  • Data Mapping Maintenance:
    Develop and maintain a comprehensive data inventory and data flow diagrams to track sensitive data (PII, PCI) and ensure compliance with privacy regulations.
  • Framework Maturation:
    Map and implement controls across multiple frameworks (PCI DSS, NIST CSF) to eliminate redundancies and improve the organization’s security posture.
  • GRC Reporting:
    Track and report on GRC program health across compliance posture, risk register status, audit readiness, and control effectiveness. Present metrics and trends to leadership on a regular cadence.
Access Governance & Identity Management
  • User Access Reviews:
    Orchestrate and lead the quarterly and semi‑annual user access review process across all critical systems (SaaS, cloud infrastructure, and internal tools).
  • Joiner/Mover/Leaver Oversight:
    Monitor and validate that provisioning and deprovisioning processes are executed accurately and on time across critical systems. Flag exceptions, track remediation, and maintain documentation to support access control audits.
Security Awareness & Phishing Program
  • Program Ownership:
    Execute and maintain a year‑round Security Awareness Training (SAT) program that meets PCI DSS requirements while driving actual behavioral change.
  • Phishing Simulations:
    Execute monthly or quarterly phishing simulations; analyze fail rates and provide targeted follow‑up training to high‑risk groups.
  • Content Curation:
    Select and deploy engaging security content, newsletters, and security moments to keep cybersecurity top‑of‑mind for all employees.
  • Reporting:
    Present program health metrics (completion rates, simulation trends, and reporting speed) to the leadership team.
Risk and Vendor Management
  • Vendor & Risk Execution:
    Execute the TPRM program—conducting vendor security reviews, tracking remediation to completion, and escalating high‑risk findings to leadership.
  • Risk Register Ownership:
    Maintain and update the corporate risk register, ensuring remediation efforts are tracked, validated, and communicated to leadership.
Desired Qualifications
  • Experience:

    3–5 years in GRC, Information Security, or Audit. Fin Tech or Financial Services industry experience is highly preferred.
  • Technical Mastery:
    Deep practical knowledge of PCI DSS requirements and controls.
  • Data Governance:
    Experience performing data mapping exercises and maintaining Records of Processing Activities (RoPA).
  • SAT Strategy:
    Proven experience managing phishing platforms (KnowBe4, Mimecast, or Vanta‑integrated tools) and developing security training curricula.
  • IAM Expertise:
    Proven experience managing formal access review cycles and identity governance processes.
  • Systems:
    Proven experience administering a…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary