×
Register Here to Apply for Jobs or Post Jobs. X

Information Security GRC Analyst

Job in Denver, Denver County, Colorado, 80285, USA
Listing for: Chatham Financial
Full Time, Contract position
Listed on 2026-07-10
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 90000 - 120000 USD Yearly USD 90000.00 120000.00 YEAR
Job Description & How to Apply Below
Position: Contract Information Security GRC Analyst

Job Description Overview

We don't simply hire employees. We invest in them. When you work at Chatham, we empower you - offering professional development opportunities to help you grow in your career, no matter if you've been here for five months or 15 years. Chatham has worked hard to create a distinct work environment that values people, teamwork, integrity, and client service. You will have immediate opportunities to partner with talented subject matter experts, work on complex projects, and contribute to the value Chatham delivers every day.

In

this role you will

The Information Security GRC Analyst with a Risk and Policy focus is responsible for assisting in the execution of the organization's security risk management program and supporting policy governance. This role takes the lead in conducting the security risk assessments for Chatham systems, vendors and business processes. This role is responsible for maintaining the technology and cybersecurity risks on the operational risk register;

tracking issues and risk mitigation activities; and supports policy development. This role is also responsible for translating technical risks into business-relevant recommendations, recommending risk-based decisions, documenting decisions on risk treatment, tracking risk mitigation action plans to completion and reviewing systems/processes for policy compliance.

  • Risk Assessment Execution: Conduct technology and security risk assessments for internal systems, product and technology projects using established frameworks (NIST SP 800-30, ISO 27005, etc.)
  • Technology and Cybersecurity Risk Register Management: Maintain the technology risk register (includes Cybersecurity) documenting threats, vulnerabilities, impacts, likelihood, risk ratings, and treatment decisions; ensure consistent updates with stakeholder input
  • Technology and Cybersecurity Risk Mitigation Tracking: Document risk treatment plans with action items, responsible parties, and target dates; track remediation progress; verify risk reduction upon closure
  • Technology and Cybersecurity Policy Support: Support policy lifecycle activities including drafting, review, and updates; ensure policies align with industry standards such as NIST, ISO 27001, etc.,
  • Cybersecurity and Information Security Risk Metrics Development: Develop and report risk metrics and KRIs; analyze trends in risk posture; identify systemic issues requiring management attention
  • Technology and Cybersecurity Risk Reporting/Communication: Translate technical risk findings into business-relevant language; prepare risk summaries for management review and decision-making
  • Stakeholder Engagement: Partner with control owners, system owners, product team, technology team and business stakeholders to identify and assess risks throughout the system lifecycle.
Your Impact

Success in this role requires strong collaborative relationships across Chatham. The Information Security GRC Analyst partners closely with the Manager of Information Security GRC, and Information Security leadership to align risk priorities with security strategy. The analyst will interact on a regular basis with technology and information security control owners to ensure controls are properly designed, implemented, and monitored. The analyst engages with Operational Risk to integrate technology and cybersecurity risks into the operational risk framework and reporting.

Finally, collaboration with external auditors during SOC 2 and regulatory examinations validates that risk management practices meet industry standards and client expectations.

Contributors to your success
  • Bachelor's degree, preferably in Information Security, Computer Science, Risk Management, or related experience in the field.
  • 3-5+ years of experience in IT audit, IT risk management, executing security assessments, or experience in a related Technology, IT Audit or Data Governance role.
  • Experience in supporting/coordinating company SOC 2 Trust Services Criteria audits or conducting SOC 2 audits.
  • Experience in conducting technology and security risk assessments using NIST, ISO 27005, or similar methodologies.
  • Strong understanding of Cybersecurity risks and mitigation strategies as well as functional experience with threat modeling, vulnerability analysis, and risk quantification and follow through.
  • Knowledge of security frameworks: NIST CSF, NIST 800-53, ISO 27001, Center of Internet Security (CIS), SOC 2 Trust Services Criteria, Cloud Control Matrix (CCM).
  • Knowledge of third‑party security assessments and/or data protection/impact assessments.
  • Excellent analytical and written communication skills.
  • Certifications preferred: CRISC, CDPSE, CISA, CISSP, ISO 27001 Lead Auditor/Lead Implementer.
  • Other certifications considered: CGEIT, CCSK, CompTIA Security+, CompTIA CySA+, CISSP-Associate, GIA, C/GSEC, PMP/CAPM, AWS Cloud Practitioner, Azure Cloud Practitioner.


* This is a contract position working 40 hours a week.

#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary