×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Senior GRC Analyst

Job in Boston, Suffolk County, Massachusetts, 02298, USA
Listing for: Blackkite
Full Time position
Listed on 2026-05-18
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 95000 - 110000 USD Yearly USD 95000.00 110000.00 YEAR
Job Description & How to Apply Below

ABOUT BLACK KITE

Black Kite is the global leader in third‑party cyber risk intelligence, trusted by more than 3,000 organizations worldwide. We give security and business leaders a continuous, outside‑in view of their entire vendor ecosystem — translating complex cyber, financial, and compliance signals into clear, actionable risk intelligence.

We go beyond open standards‑based cyber ratings. Black Kite helps organizations make smarter risk decisions, strengthen business resilience, and scale their third‑party cyber risk management programs in an increasingly complex digital environment. Our work has earned consistent recognition from customers and industry analysts alike.

WHY BLACK KITE

We’re a fast‑moving, high‑impact team solving one of the most critical challenges in cybersecurity today. If you’re looking to do meaningful work alongside sharp, collaborative people — and grow your career in a space that matters — you’re in the right place.

THE OPPORTUNITY

The Senior GRC Analyst reports to the Director of Information Security and owns three primary functions: the compliance platform (Vanta), inbound customer security assessments, and FedRAMP Con Mon execution support. This is an independent practitioner role — direction comes from the Director, but you own your work without step‑by‑step guidance.

The “Senior” in this title is earned by the scope, not just the experience level. Owning the compliance platform means auditors see your work directly. Owning customer assessments means your responses are read by enterprise security teams before they sign. Supporting FedRAMP Con Mon means authorization status depends in part on what you produce monthly. The stakes are real.

WHAT YOU’LL OWN Compliance platform (Vanta) — primary owner
  • Own the compliance platform end-to-end: evidence library currency, control mapping accuracy, framework completeness across SOC 2, ISO 27001, FedRAMP, and GDPR
  • Evidence is current year-round — not assembled at audit time; no stale or missing evidence in any active certification domain
Customer security assessments — primary owner
  • Own the inbound customer assessment intake and response process — all RFPs and security questionnaires are assigned, tracked, and responded to within defined SLA
  • Collaborate with sales, legal, and technical teams on complex questionnaire responses; escalates novel or sensitive items to the Director
  • Maintain and improve the questionnaire response library across all active frameworks
FedRAMP Con Mon — execution support
  • Support monthly Con Mon reporting — vulnerability scan results, POA&M updates, and evidence — as primary executor
  • Maintain POA&M tracking accuracy; flag aging items to the Director before they breach defined thresholds
TPCRM and compliance support
  • Support third‑party risk identification, assessment, and monitoring activities as directed
  • Monitor compliance framework and regulatory changes; assess impact and surface findings to the Director with a recommended response
  • Support internal audit processes — evidence coordination, control testing documentation, and auditor request responses
WHAT YOU BRING
  • 2–4 years of hands‑on experience in GRC, compliance, or information security
  • Practical working knowledge of SOC 2, NIST, or ISO 27001 applied in a real compliance environment
  • Experience producing compliance evidence, contributing to audit cycles, or managing specific framework control domains independently
  • Familiarity with cloud services principles and their security and compliance implications
  • General knowledge of core security domains: network security, email security, endpoint protection, vulnerability scanning, access controls, log management
  • Strong written communication — audit‑ready documentation produced independently
PREFERRED
  • Hands‑on experience administering Vanta or an equivalent compliance platform as a primary owner — not just a user
  • Direct experience with FedRAMP Con Mon — monthly reporting, POA&M tracking, evidence production
  • Experience owning or significantly contributing to a customer security questionnaire response program
  • Familiarity with TPCRM programs and vendor questionnaire workflows
  • Active or in‑progress certification:
    CompTIA Security+, CISA, CRISC, ISO 27001 Lead Auditor/Implementer, or equivalent

The expected base salary range for this role is $95,000-$110,000 per year. Compensation at Black Kite is more than just base pay — we offer a total rewards program that includes performance‑based bonuses, equity, flexible healthcare options, paid time off, and retirement savings programs. The annual base salary range for this position represents a nationwide market range and reflects a broad spectrum of salaries for this role across the United States.

Actual compensation will depend on factors such as qualifications, skills, experience, and the scope, complexity, and location of the role.

#J-18808-Ljbffr
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search