
Senior GRC Analyst - IT Governance, Risk & Compliance

Job in Atlanta, Fulton County, Georgia, 30383, USA
Listing for: Randstad Digital
Full Time position
Listed on 2026-06-30
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 55 - 65 USD Hourly
Job Description & How to Apply Below
job summary:

GDOT is building a Governance, Risk, and Compliance (GRC) function within the Office of Information Technology to establish formal risk management, regulatory framework alignment, and audit readiness practices. This senior-level role is responsible for designing the GRC program structure, implementing and operating core GRC processes, and influencing risk-based decision-making across the department. This is a foundational, high-ownership role for an experienced GRC professional who can operate independently, establish processes from the ground up, and build a function that scales.

location:
Atlanta, Georgia

job type:
Contract

salary: $55 - 65 per hour

work hours: 8am to 5pm

education:
Bachelors

responsibilities:

Risk Register Stewardship

- Establish and maintain the Enterprise IT Risk Register, including risk identification, categorization, likelihood/impact scoring, and ownership assignment.

- Provide leadership with regular risk reporting and a clear view of GDOT's IT risk environment.

- Track remediation of identified risks to closure and escalate high/critical risks appropriately.

Framework Implementation & Gap Analysis

- Lead the mapping of GDOT's IT controls against applicable state-mandated and industry frameworks (e.g., NIST 800-53, NIST CSF).

- Perform gap analyses, document findings, and develop remediation roadmaps in partnership with control owners.

- Track control maturity over time and report progress to leadership.

Policy & SOP Governance

- Draft, maintain, and periodically audit GDOT IT policies and standard operating procedures.

- Manage the policy lifecycle - drafting, technical review, approval routing, publication, and periodic re-certification.

- Verify SOPs are being followed by IT teams through documented evidence rather than self-attestation.

Third-Party Risk Management (TPRM)

- Own the vendor and cloud service provider risk review process, including intake, contract review, and risk documentation.

- Evaluate vendor security posture (e.g., SOC 2 reports, architecture review findings) in coordination with technical subject matter experts.

- Maintain the vendor risk register and manage risk acceptance documentation when vendor posture does not fully meet GDOT requirements.

Evidence Collection & Audit Readiness

- Serve as a primary liaison for state and external auditors.

- Build and maintain a centralized Library of Evidence, ensuring change control logs, access reviews, and other compliance artifacts are organized and audit-ready at all times.

- Coordinate evidence requests across IT teams and track completion against defined timelines.

Access Governance

- Define and maintain the schedule and standards for periodic access reviews of mission-critical systems.

- Validate completed access reviews against the principle of least privilege and document findings.

- Track remediation of excessive or inappropriate access identified during reviews.

Program Leadership Scope

This role carries direct responsibility for the following program-level functions:

- Designing the overall GRC program structure, including process design, tooling strategy, and prioritization roadmap.

- Establishing GRC policy and methodology standards that scale as the function grows.

- Mentoring and providing technical direction to additional GRC team members as the function expands.

- Representing GRC in cross-functional governance discussions and advising leadership on risk-based prioritization.

What Success Looks Like in the First 12 Months

90 days

Risk register established and populated. Initial framework gap analysis underway. Evidence library structure in place.

6 months

Framework gap analysis complete with a documented remediation roadmap. Vendor risk review process operating for new vendor engagements. First formal policy review cycle completed.

12 months

Functioning evidence collection cadence across IT teams. Access review program operating on a defined schedule. GDOT positioned with organized, audit-ready documentation ahead of the next external review cycle.

qualifications:

- 5+ years of experience in GRC, IT audit, information security compliance, or a closely related field, including experience building or significantly maturing a GRC function from an early stage.

- Direct hands-on experience with at least one major framework - NIST 800-53, NIST CSF, ISO 27001, or equivalent - including control mapping and gap analysis.

- Experience conducting or supporting third-party/vendor risk assessments, including review of SOC 2 reports and contract risk language.

- Experience supporting or leading evidence collection and audit response for an external audit (state, federal, or industry).

- Strong written communication skills - demonstrated ability to draft clear policy and procedure documentation.

- Ability to operate independently in an environment where processes and tooling are still maturing, and to design new processes where none currently exist.

- Demonstrated experience designing program structure, methodology, or process strategy for a GRC or compliance…

Position Requirements
10+ Years work experience