GRC Analyst
Listed on 2026-02-23
IT/Tech
Cybersecurity, Information Security, Data Security, IT Business Analyst
GRC Analyst | 469643 DETAILS
Location: Allen, TX 75013 (hybrid onsite 2-3 days per week)
Position Type: Direct-Hire
Hourly / Salary: to $125K+ (potentially more based on candidate experience-level)
JOB SUMMARY
Vaco is currently seeking a GRC Analyst for a Direct-Hire opportunity located in Allen, TX 75013 (hybrid onsite 2-3 days per week). The GRC Analyst will ensure information systems and processes align with established cybersecurity, privacy, and regulatory standards. The GRC Analyst will conduct in-depth security consultations and risk assessments to evaluate the effectiveness of security controls, identify vulnerabilities, and recommend mitigation strategies.
The ideal GRC Analyst will bring 5+ years of hands-on experience in infosec with a heavy risk / compliance emphasis, proven ownership of SOC2 (especially in mid-sized environments), the ability to compile evidence and manage auditors, and strong analytical and communication skills.
- Develop / Maintain Security Policies / Strategies / Governance Documentation – Ensuring Organizational Compliance with Laws / Regulations / Standards
- Analyze Data from Multiple Sources – Providing Actionable Insights on Cybersecurity / Privacy (Risks / Trends / Opportunities) for Improvement
- Evaluate Technology Programs / Components for Compliance with Published Security / Privacy Standards – Recommending / Overseeing Corrective Actions
- Continuous Monitoring / Testing the Effectiveness of Security Controls
- Anticipate / Respond to Changes in Cybersecurity Policy / Regulations / Technology / Staging Requirements to Maintain Organizational Readiness
- Lead / Coordinate Security Programs – Ensuring Overall Success / Alignment with Organizational Priorities / Effective Communication with Stakeholders
- Conduct Gap Analysis / Implement Frameworks / Standards – NIST / SOC2
- Conduct Vendor Risk Assessments Against Organizational Security Requirements
- Manage Risk Validation Testing / Compliance Reviews / Audits in Accordance with NIST Standards
- Manage / Support SOC2 / Global Audits
- Maintain / Monitor Central Repository for Audit Evidence
- Conduct Research to Aid Threat Assessment / Risk Mitigation Activities
This GRC Analyst will be the first dedicated GRC expert at a growing financial institution, launching and leading SOC2 compliance, enabling secure digital innovation for members, freeing up IT ops to focus on core work, and growing a foundational compliance program with direct executive visibility (reporting directly to the CIO).
The GRC Analyst will establish and own the GRC function, primarily to achieve SOC2 compliance for a major new digital product rollout launched in late 2025. The SOC2 compliance process has not started yet. This analyst will quickly kick off the SOC2 journey (beginning with the Type 1 design attestation, then the Type 2 operating-effectiveness period over 6-12 months), owning the initiative end-to-end (vetting audit firms, conducting gap analysis against SOC2 + NIST, remediating controls, compiling and maintaining the audit evidence repository, managing third-party audits, and performing ongoing control testing / monitoring), while building a sustainable GRC program.
Currently, business compliance handles some aspects (but lacks deep IT focus), IT operations covers overflow tasks (policy reviews / phishing simulations / audit prep), and the CIO personally reviews and approves everything. A secondary immediate need will be for the GRC Analyst to assist in offloading those burdens from operations.
JOB REQUIREMENTS
- GRC Analyst (5+ years) – Information Security / Risk / Compliance Emphasis (direct experience) | Cybersecurity Frameworks / Standards (in-depth knowledge)
- Identity Management / Identity Management Standards (knowledge) – IAM Controls (MFA / SSO / RBAC / PAM, etc.) / Reviewing Access Control Metrics / Conducting Access Reviews / Validating Processes | Identity Governance Standards Aligned to SOC2 / NIST (familiarity)
- Risk / Compliance Program Execution – Demonstrated Ownership of End‑to‑End Compliance Initiatives (Gap Assessment / Remediation / Validation / Audit Support) | Developing Project Plans / Milestones / Control Testing Calendars | Coordinating…