GRC Analyst

Job in Dallas, Dallas County, Texas, 75215, USA
Listing for: Momentum
Full Time position
Listed on 2026-04-23
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Business Analyst
Salary/Wage Range or Industry Benchmark: 80,000 - 100,000 USD yearly
Job Description & How to Apply Below

Overview

Momentum is a respected collection of independent companies, including PMG, Koddi, Further. We serve as a premier global business transformation partner for over 125 of the Fortune 500 brands. With 1,400 global employees and $5B in media spend under management, we foster a fast-growing, values-driven, people-first environment where you can thrive.

Our portfolio of companies partners with some of the world’s most iconic and ambitious brands. We combine scalability with a solutions-oriented approach to deliver fast-paced, innovative results for our customers while creating meaningful growth opportunities for our teams.

If you are looking for opportunities to grow in your career and are passionate about being at the forefront of data and technology, and driving rapid innovation in the future of commerce, we would love to talk with you about joining Momentum.

We believe that a culture of belonging, inclusion, and diversity is key to empowering our team members to thrive both personally and professionally. Living out our values is not just a goal; it's a daily practice! For more information, please visit

The Opportunity

We are hiring a Security GRC & Risk Analyst to own the governance, risk, and compliance execution layer across a holding company and portfolio of businesses. This is a build-oriented role with a defined scope: you will be the internal anchor for our SOC 2 Type II audit, NIST CSF remediation roadmap, security policy library, vendor risk program, and client-facing security questionnaires.

You will work directly with the Cybersecurity Manager and a vCISO partner, collaborate with the Data Privacy legal team as a peer on overlapping policy areas, and engage regularly with portfolio company stakeholders. A dedicated internal Data Privacy legal team owns regulatory compliance - GDPR, CCPA, breach notification, and data subject rights. This role owns the technical controls layer: the evidence, the frameworks, the audit coordination, and the vendor risk program.

Join us in this full-time role, based in our Dallas Office at the Link: 2601 Olive Street, Dallas, TX. Be part of a vibrant community where amazing people, data & insights, and perpetual innovation converge to shape the future of digital commerce!

About This Role at Momentum

What You'll Do

SOC 2 & NIST CSF Program

Own the internal SOC 2 Type II evidence collection process, keeping controls audit-ready year-round. Manage the audit timeline, day-to-day liaison with the external auditor, and remediation finding closure between cycles.

Own the NIST CSF remediation roadmap: maintain the gap register, report progress to the VP and vCISO on a defined cadence, and coordinate with portfolio company IT teams to assess and close control gaps.

Build and maintain a unified controls library mapping SOC 2 Trust Services Criteria, NIST CSF subcategories, and applicable regulatory requirements.

Prepare the organization for bi-annual NIST CSF assessments, ensuring controls are documented and defensible.

Security Policy & AI Governance

Operationalize the enterprise-wide information security policy library across the corporate entity and portfolio companies. Inventory gaps against SOC 2, NIST CSF, and applicable regulations; draft, publish, and version-control policies in coordination with the vCISO.

Build and maintain annual policy attestation workflows across all employees. Bridge with the Data Privacy legal team on overlapping areas: data classification, retention, and incident notification.

Develop and maintain the AI governance framework: tool intake review, data handling risk assessment, and acceptable use policy. Evaluate AI tools proposed across the corporate entity and portfolio companies against security and compliance standards.

Own AI-related policy documentation and track emerging regulatory requirements including the EU AI Act and NIST AI RMF.

Build and maintain a risk register with risk-to-control mapping. Define and document formal risk tolerance and appetite in coordination with the vCISO and leadership.

Own the third-party risk management program. Define and implement a tiered due diligence model (critical, high, medium, low) and conduct…
