
Governance Risk & Compliance Analyst

Job in Denver, Jefferson County, Colorado, 80232, USA
Listing for: System One
Full Time position
Listed on 2026-06-20
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Job Description & How to Apply Below
Location: Denver

Job Title:

Governance Risk & Compliance Analyst

Location:

Lakewood, CO

Work Model:
Hybrid - onsite and remote

Overview

System One is seeking a GRC Analyst for an opportunity in Lakewood, CO. The GRC Analyst is a member of the Governance, Risk & Compliance function within the Global Information Security Office and supports the implementation of company-wide security governance, risk management, and compliance programs. Under the direction of the GRC Functional Leader, the analyst contributes to policy development, risk oversight, and continuous improvement of the organization's security posture.

The role also works closely with regional Information Security Officers (ISOs) and cross-functional teams to support the deployment of global standards and local regulatory requirements.

Responsibilities

+ Support information security risk assessments for new projects, systems, and business processes.

+ Assist in conducting internal control reviews (e.g., J-SOX), preparing audit materials, and coordinating responses to internal and external auditors.

+ Track and follow up on remediation actions to ensure timely closure of identified risks.

+ Contribute to drafting, updating, and maintaining global information security policies, standards, and procedures.

+ Review relevant laws, regulations, and industry frameworks (e.g., ISO 27001, NIS2) and incorporate stakeholder feedback into documentation.

+ Support the rollout and implementation of policies across regions.

+ Monitor adherence to security and regulatory requirements, including ISO 27001, NIS2, and GDPR.

+ Collect and organize compliance evidence, track corrective actions, and support certification and regulatory readiness efforts such as ISO 27001/42001 and NIS2 programs.

+ Conduct third-party security risk assessments by distributing questionnaires, analyzing responses, verifying controls, and documenting results in the GRC tracking systems.

+ Identify and escalate high-risk findings to the GRC Functional Leader and support follow-up mitigation activities.

+ Participate in the planning and implementation of security awareness programs for all associates.

+ Create e-learning materials and training materials, conduct phishing email exercises, and distribute disseminated content on internal portals.

+ Monitor and analyze global regulatory developments related to cybersecurity with a focus on industrial control systems (ICS), IT environments, and critical infrastructure.

+ Assist in evaluating how new or updated regulations (e.g., NIS2, FDA cybersecurity expectations, industrial cybersecurity standards, or country-specific critical infrastructure laws) impact company operations.

+ Track emerging obligations, document requirements, and support gap assessments to ensure timely compliance.

+ Assist in the preparation, maintenance, and continuous improvement of the CISO Dashboard by collecting, validating, and analyzing security metrics across the Global GRC function.

+ Compile key performance indicators (KPIs) and key risk indicators (KRIs) related to compliance status, audit findings, supplier risk, incident trends, training completion, regulatory readiness, and other relevant security domains.

+ Support the visualization and communication of security posture to senior leadership by ensuring data accuracy, timely updates, and clarity in reporting.

+ Support the development and enforcement of governance controls for the secure use of artificial intelligence technologies across the organization.

+ Identify risks related to AI systems (such as model security, algorithmic integrity, and misuse) and contribute to risk assessments and mitigation plans.

+ Help evaluate third-party AI tools.

+ Support the development and improvement of GRC processes, tools, and documentation to enhance operational efficiency and standardization.

+ Assist in preparing reports, presentations, and materials for leadership reviews, steering committees, and cross-functional meetings.

+ Participate in internal security projects and initiatives, including process automation, metrics development, and enhancements to governance workflows.

+ Provide coordination and administrative…