GRC Analyst
Listed on 2026-07-01
IT/Tech
Cybersecurity, Information Security, IT Consultant, IT Business Analyst
Governance Analyst
The Governance Analyst will assist in executing security framework compliance and governance activities and requirements. Day-to-day responsibilities will also include documenting adherence to governance requirements across policies/standards, procedures, controls, compliance, training and awareness, and preparing metrics/KPIs and reporting materials.
Required Skills:
- At least three to five years of work experience in IT compliance, IT assessments, and/or IT audit, as well as knowledge and understanding of governance, risk, and compliance
- Knowledge of security and risk frameworks, standards, best practices (e.g., HITRUST CSF, NIST CSF, ISO/IEC 27001, COBIT)
- Self-starter with effective written and verbal communication skills along with strong critical thinking skills
- Evaluate the design and operation effectiveness of Business/IT operations against the HITRUST CSF and identify areas of improvement
- Interview SMEs, examine evidence documentation, analyze and perform testing
- Learn the company functions/processes by conducting process walkthroughs
- Analyze root cause of issues, provide recommendations for process improvements and risk mitigation based on assessment findings
- Collaborate with cross-functional teams to mitigate risks and ensure compliance with HITRUST CSF
- Deliver effective and concise documentation that meets HITRUST quality standards
- Prepare and provide reporting, such as dashboards and metrics, on various areas of performance, issue analysis and assessment statuses
- Utilize GRC tools to effectively manage assessment remediation plans and documentation
- Serve as a HITRUST subject matter expert
Education & Certifications:
Undergraduate university degree (4-year) preferred but not required. Experience in information security, IT general controls, IT compliance, IT assessments and/or IT audit. Certified Information Systems Security Professional (CISSP), CISA, CPA/CA, CISM or other equivalent professional certification preferred but not required.